Hi Splunkers,   we have ingested Threat Intelligence Feeds from Group-IB  into Splunk, we want to benefit from this data as much as possible.   I want to understand how Splunk ES consumes this data? Do we need to enforce Splunk ES to use this data and alert us in case a match happens or Splunk ES uses this data without our interaction? are we required to create custom correlation rules and configure the adaptive response action or what? ... View more

I have the below error showing on the search head, I've been looking for a cause of this error with no luck.   Unable to initialize modular input "itsi_suite_enforcer" defined in the app "SA-ITOA": Introspecting scheme=itsi_suite_enforcer: script running failed (exited with code 1)   Did anyone encounter any similar error ever?  ... View more

Dear all,   I'm trying to ingest dat from FireEye HX instance into Splunk but I cannot find the correct way for this FireEye specific instance. Does anyone have the same exact integration or no? if yes please post the reference in the answers section.   Thanks in advance. ... View more