Splunk Enterprise Security

Which type of file can I add as threat list in Splunk Enterprise Security?

RiccardoV
Communicator

Hi guys,
I am wondering if I could use a binary file with my own format as threat list in Splunk ES app. That file contains a list of ip addresses with some additional informations.

In my own app I read that file through a python script and I want to add this (big) list of ips in ES. Can ES app read/use that binary file using my python script or I have to convert it in plain text / csv?

thanks!

0 Karma
1 Solution

RiccardoV
Communicator

I resolved this using a standard csv file, it seems that I cannot use my own binary format.

View solution in original post

0 Karma

RiccardoV
Communicator

I resolved this using a standard csv file, it seems that I cannot use my own binary format.

0 Karma
*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:





Or Learn More in Our Blog >>