I have configured ES to download the list of free webmail-hosting domains below as an intelligence download (Data inputs -> Intelligence Downloads). I don't want to trigger Threat Activity results...
( as per https://docs.splunk.com/Documentation/ES/5.3.0/Admin/Addthreatintelcustomlookup) . and are unable to use this intelligence list with the "inputintelligence" command. Also, we see error l...
Hi All,
I work with Datamodels, and trying to create search which will alert me about TOR communication.
Having some issues with enrichment. Can somebody help.
| eval TOR="iblocklist_tor"
...
