Splunk Enterprise Security

How to update an existing threat intel collection row on splunk ESS portal?


I can CRUD threat intel collection rows with ESS REST API(such as /services/data/threat_intel/item/ip_intel), and I can see those rows at Security Intelligence->Threat Intelligence->Threat Artifacts. 





May I know how I can do the same job on Splunk ESS portal? As I can only update local lookup files via Configure > Content > Content Management, and insert a row above/below, but it looks different from what I do with REST API, and I cannot get the rows I added with API there. 



Besides, I cannot find the row I inserted to local lookup file at Security Intelligence->Threat Intelligence->Threat Artifacts.

May I know if I missed something during configuration or there is elsewhere on ESS portal that I can update threat intel rows?



Labels (1)
0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!


Or Learn More in Our Blog >>