Hi, in the ES app, navigate to Security Intelligence -> Threat Intelligence -> Threat Artifacts
Please note that all Threat Intel is being normalised into a joint intel framework. In the sub-tabs you will find the intel relating to the different security domains. Looking at the intel details you will see some of them are from your TAXII feeds... provided the download was successful.
I see another feed on the SH server at /opt/apps/splunk/etc/apps/SA-ThreatIntelligence/local/data/threat_intel/emerging_threats_compromised_ip_blocklist.csv
Is there a way to see via the UI?
@mzambrana123 , I see data on the SH -
[<host>]$ \ls -tlr
-rw-------+ 1 splunk splunk 15335 Sep 18 06:54 emerging_threats_compromised_ip_blocklist.csv
Is there a macro to see the data?