In the documentation at https://docs.splunk.com/Documentation/ES/7.0.2/Admin/Changethreatintel under
Review the logic for retention the document states, "The threat retention input runs e...
Hey gents
My customer is asking me to create a new threat intelligence source in the Enterprise Security app (version 4.5.1.)
He told me that he is going to provide an .ioc file with the f...
Hello,
I added a new threat intelligence source in Splunk Enterprise Security (https://ransomwaretracker.abuse.ch/feeds/csv/ ). The download works fine and the list is stored in /opt/splunk/etc/a...
We are having an issue where a single threat intelligence download is failing (SANS blocklist) regularly. I can wget the file just fine from the search head where Splunk Enterprise Security is i...
...eported bug, however, I want to be able to confirm this data is actually downloading. Where can I find whether or not the data is really downloading from the Threat Intelligence sources? It seems t...
So when setting up a new Service in Splunk IT Service Intelligence, it allows you to select a Generic KPI or Select from a list of pre-defined KPI's provided by Splunk (Thank you very much). I'm n...
...tored. Our cloud-based web proxy logs do not include the protocol header in the URL field. Since the Web data model requires this and several of our custom threat intelligence sources i...