Splunk ES documentation https://docs.splunk.com/Documentation/ES/7.1.1/Admin/Downloadthreatfeed#Add_a_URL-based_threat_source describes how to Add a URL-based threat source and it seems w...
I am struggling to find a post for my answer because the naming for Splunk Enterprise and Enterprise Security is so similar and I am only seeing results for ES.. I want to find a way to add Threat Intelligence...
Hello to all my dear friends We have SH-Cluster with 5 Search head and Enterprise Security (ES). When I want to add a new Threat List as a URL, I have to go to this address: ES APP\Configure\Data E...
Is there a way to use lookups to add threat intelligence to the non-network based intelligence stores, such as file_intel? I know STIX and OpenIOC can populate these, however, I've got IOCs in C...
Hi I would like to add an additional Threat Intelligence Feed to the collection of the Intelligence Downloads in Enterprise Security. The Service-URL needs to have an authorization header to...
We have looked at adding some threat intelligence apps to our Enterprise Security instance and have decided that we can consume the information that we are looking for via TAXII feed. The i...
We have a Tor threat intelligence feed that we require to add to Splunk Enterprise.
The intelligence feed is from dan . me . uk / tornodes
The format of the page is typically html followed by a...
We're a small SOC team and looking to integrate threat intel matching into our Splunk deployment. We know ES does this well, and might purchase in the future, though right now I'm looking for a...
Palo Alto Networks Add-on 6.0.2 - fail to download threat intelligence from AutoFocus' MineMeld in Splunk Enterprise Security
I installed Palo Alto Networks Add-on 6.0.2 and configured it to d...
...ommunity.splunk.com/t5/Security/Add-domains-to-threat-lists/td-p/116392
Or it's related to below dashboard in Enterprise Security Suite?
SplunkEnterpriseSecuritySuite/SecurityIntelligence/ThreatIntelligence/Threat...