Hi everyone,
Is it possible to add a threat feed on Splunk Enterprise, specifically for the InfoSec App? There is no Splunk ES deployed.
Thanks,
Crizelle
Hi @crizelle,
Out of the box, the current version 1.5.3 of the InfoSec app does not use threat feeds.
Others may want to chime in what they have done with threat intel feeds in Splunk Enterprise before going with ES.
Hi @igifrin_splunk ,
What do you mean by this? "Others may want to chime in what they have done with threat intel feeds in Splunk Enterprise before going with ES."
Thanks,
Crizelle
While the InfoSec app does not use threat feeds out of the box, there are other ways to add threat intel and correlate it with incoming data like IPs, file hashes, domain names, etc.
This can be a starting point:
https://answers.splunk.com/answers/636125/how-to-integrate-threat-intelligence-with-splunk.html
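One concrete way to do what the previous reply describes, as an added example that is not from this thread or from the linked answer: a small indicator lookup table plus a scheduled alert in Splunk Enterprise (no ES) that correlates it against destination IPs, DNS queries and file hashes. The CSV rows, the lookup name threat_intel_ioc, the index and the field names dest_ip, query and file_hash are constructed assumptions; replace them with the feed and field names your own data actually carries.

```ini
# threat_intel.csv  -- constructed sample feed, uploaded via
# Settings > Lookups > Lookup table files (values are placeholders, not real IoCs)
# indicator,indicator_type,threat_source,threat_desc
# 198.51.100.23,ip,example-feed,scanner
# evil.example,domain,example-feed,c2
# 44d88612fea8a8f36de82e1278abb02f,md5,example-feed,eicar test file

# transforms.conf -- lookup definition (name is an assumption)
[threat_intel_ioc]
filename = threat_intel.csv
case_sensitive_match = false

# savedsearches.conf -- scheduled correlation search that fires when any
# event's IP, domain or hash matches a row of the feed
[Threat Intel - IOC Match]
search = index=main (dest_ip=* OR query=* OR file_hash=*) \
| eval ioc=lower(coalesce(dest_ip, query, file_hash)) \
| lookup threat_intel_ioc indicator AS ioc OUTPUT indicator_type threat_source threat_desc \
| where isnotnull(threat_source) \
| stats count earliest(_time) AS first_seen latest(_time) AS last_seen values(host) AS hosts BY ioc indicator_type threat_source threat_desc
cron_schedule = */15 * * * *
dispatch.earliest_time = -20m@m
dispatch.latest_time = now
enableSched = 1
counttype = number of events
relation = greater than
quantity = 0
alert.track = 1
alert.severity = 4
```

The five-minute overlap between the 15-minute schedule and the 20-minute search window covers late-arriving events; refresh the CSV on the feed's own cadence, since a stale lookup silently matches nothing new.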