Below is my SPL
|from datamodel:"Threat_Intelligence"."Threat_Activity"
|dedup threat_match_field,threat_match_value
|search NOT
[|inputintelligence cisco_top_million_sites
|rename d...
Hi, when I type this command, the following error message is displayed. | inputintelligence mitre_attack error command: Error in 'inputintelligence' command: Inputintelligence does not support t...
I have configured ES to download the list of free webmail-hosting domains below as an intelligence download (Data inputs -> Intelligence Downloads). I don't want to trigger Threat Activity results...
...ownloaded? How to view these collections? | inputintelligence emerging_threats_ip_blocklist
OR
| inputlookup emerging_threats_ip_blocklist
OR
| inputintelligence cisco_top_one_million_sites
OR
| i...
(as per https://docs.splunk.com/Documentation/ES/5.3.0/Admin/Addthreatintelcustomlookup) and are unable to use this intelligence list with the "inputintelligence" command. Also, we see error l...
Hi All,
I work with data models and am trying to create a search which will alert me about TOR communication.
Having some issues with enrichment. Can somebody help?
| eval TOR="iblocklist_tor"
...