Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to update an existing threat intel collection row on splunk ESS portal?

StanD3sec
Observer
‎09-03-2021 04:11 PM

I can CRUD threat intel collection rows with ESS REST API(such as /services/data/threat_intel/item/ip_intel), and I can see those rows at Security Intelligence->Threat Intelligence->Threat Artifacts. 

StanD3sec_2-1630710567766.png

 

StanD3sec_0-1630710488847.png

 

May I know how I can do the same job on Splunk ESS portal? As I can only update local lookup files via Configure > Content > Content Management, and insert a row above/below, but it looks different from what I do with REST API, and I cannot get the rows I added with API there. 

StanD3sec_1-1630710512664.png

 

Besides, I cannot find the row I inserted to local lookup file at Security Intelligence->Threat Intelligence->Threat Artifacts.

May I know if I missed something during configuration or there is elsewhere on ESS portal that I can update threat intel rows?

Thanks

 

Labels (1)
Labels
0 Karma
Reply
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>

Get Updates on the Splunk Community!