I have a problem, I recently started using the Splunk Threat Intelligence Management (TRU STAR) platform, which is our IOC management tool that contains different sources of intelligence.
The tool h...
Hi Splunkers,
I will appreciate any approximate estimates on expected volumes and sources of data that will satisfy general needs for a nice functionality of ITSI in a mixed environment with, f...
Hello,
I added a new threat intelligence source in Splunk Enterprise Security (https://ransomwaretracker.abuse.ch/feeds/csv/). The download works fine and the list is stored in /opt/splunk/etc/a...
So when setting up a new Service in Splunk IT Service Intelligence, it allows you to select a Generic KPI or select from a list of pre-defined KPIs provided by Splunk (Thank you very much). I'm n...
We are having an issue where a single threat intelligence download is failing (SANS blocklist) regularly. I can wget the file just fine from the search head where Splunk Enterprise Security is in...
After configuring the proxy settings for downloading the Splunk for Enterprise Security Intelligence Source data, I am still receiving errors indicating the download has failed. I know this is a r...
...tored. Our cloud-based web proxy logs do not include the protocol header in the URL field. Since the Web data model requires this and several of our custom threat intelligence sources in...
...vents), for human revision.
There's a paid app, "Splunk IT Service Intelligence" (https://splunkbase.splunk.com/app/1841/), that looks like an "Event Management software", and works with the Common In...