Hey gents
My customer is asking me to create a new threat intelligence source in the Enterprise Security app (version 4.5.1).
He told me that he is going to provide an .ioc file with the f...
Hi Splunkers,
I will appreciate any approximate estimates on expected volumes and sources of data that will satisfy general needs for a nice functionality of ITSI in a mixed environment with, f...
Hi,
I have an intelligence lookup file in SA-ThreatIntelligence APP.
This lookup schedule content update with open source intelligence sources.
I am using Threat intelligence on Splunk E...
In the documentation at https://docs.splunk.com/Documentation/ES/7.0.2/Admin/Changethreatintel under
Review the logic for retention the document states, "The threat retention input runs ever...
Hello,
I added a new threat intelligence source in Splunk Enterprise Security (https://ransomwaretracker.abuse.ch/feeds/csv/). The download works fine and the list is stored in /opt/splunk/etc/a...
So when setting up a new Service in Splunk IT Service Intelligence, it allows you to select a Generic KPI or Select from a list of pre-defined KPIs provided by Splunk (Thank you very much). I'm n...
...ddress or Domain in my lookup table?
Secondly, is there a way to automatically download Threat Intelligence from other sources? I am interested in the CCIRC, TAXII, Facebook, and/or Malware domain t...
We are having an issue where a single threat intelligence download is failing (SANS blocklist) regularly. I can wget the file just fine from the search head where Splunk Enterprise Security is i...
...eported bug, however, I want to be able to confirm this data is actually downloading. Where can I find whether or not the data is really downloading from the Threat Intelligence sources? It seems t...