Hi Splunkers, we have ingested Threat Intelligence Feeds from Group-IB into Splunk, and we want to benefit from this data as much as possible. I want to understand how Splunk ES consumes this data. Do we need to force Splunk ES to use this data and alert us in case a match happens, or does Splunk ES use this data without our interaction? Are we required to create custom correlation rules and configure the adaptive response action, or what?