Splunk Enterprise Security

Threat Intel module mapping multiple fields to same variable

avivn
Explorer

Hi,

In threat intel module when adding a new threat feed source,

The feed contains also sha-256 and MD5 but I can map only one of them to the file_hash var,

There is an option to map multiple fields into the same var?

Labels (2)
0 Karma

scelikok
SplunkTrust
SplunkTrust

Hi @avivn,

You can add the same threat intel source twice by selecting different field as var.

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...