How do I convert a Splunk event to STIX 2.1 JSON? I am thinking of connecting to a SOC center. I currently use Splunk Enterprise. How can I do this? Is there any app that can convert?
Splunkers,
Once a STIX-formatted IOC file has been successfully uploaded via Splunk Enterprise Security "Upload Threat Intelligence", I'd like to view the contents of that upload to review the I...
The FS-ISAC Threat Intelligence STIX TAXII has been enabled in our environment. We received all IOCs from 4/2 but did not receive any on 4/3 or 4/9. I am trying to determine what happened on those d...
Hi Splunkers.
I've manually uploaded a STIX file into ES.
The file has uploaded successfully (file can be seen in /opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/lookups) but I am unable to v...
Hello Splunk Experts, My organization has Splunk Cloud and Enterprise Security. I was wondering if Splunk is capable of acting as a STIX/TAXII client so that I can enroll with a threat i...
As in the subject, can Splunk Enterprise import Threat Intelligence in STIX and XML format with fewer features in Splunk Enterprise, as I only have Splunk Enterprise but no Splunk ES? (But the Splunk ES h...
...hreatIntelligence/local/data/threat_intel/IB-15-20115.stix.xml"
I have confirmed that the STIX files are of flavor 1.1.1 and that there are indicators inside them. Is there a specific type of indicators a...
Hi, We have configured custom threat intel feeds with Splunk. The connection is successful; the status of the file shows "file downloaded". I have checked the threat intel audit logs an...
Is there a way to use lookups to add threat intelligence to the non-network based intelligence stores, such as file_intel? I know STIX and OpenIOC can populate these, however, I've got IOCs in C...