L1 Bithead
Posts: 7
Registered: ‎07-19-2017

TI automation - search received IoC events with Splunk [part 4]

Hi,

A new post on the Threat Intelligence automation journey.

It's time to integrate miner events (update/withdraw) into Splunk to search received IoC events.


To do this I used the logstash prototype and wrote a TA (Technology Add-on) to parse JSON data on Splunk forwarders, and a sample application to see and analyze the received data.


As always feedback welcome

Giovanni
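The point of forwarding both `update` and `withdraw` events is that a search over received IoC events must replay them in order: an indicator that was withdrawn by its feed should no longer match. The script below is an added example (not Giovanni's TA, not MineMeld's or logstash's own code) that parses a constructed stream of newline-delimited JSON events and resolves it into the currently active indicator set, keeping malformed lines aside for review. The field names (`@origin`, `@indicator`, `message`, `type`, `confidence`) and all event values are assumptions made for this example, not taken from the post.

```python
"""Replay MineMeld-style miner events (update/withdraw) into the set of
currently active indicators. Added example; field names and sample
events are constructed assumptions, not the post's actual JSON."""
import json

# Constructed sample: one JSON document per line, as a logstash output
# might forward them to a Splunk forwarder. Not real indicators.
SAMPLE_EVENTS = """\
{"@origin": "feed.a", "@indicator": "198.51.100.23", "message": "update", "type": "IPv4", "confidence": 80}
{"@origin": "feed.a", "@indicator": "bad.example.test", "message": "update", "type": "domain", "confidence": 60}
{"@origin": "feed.a", "@indicator": "198.51.100.23", "message": "withdraw", "type": "IPv4"}
{"@origin": "local.manual", "@indicator": "203.0.113.7", "message": "update", "type": "IPv4", "confidence": 100}
this line is not JSON and must be reported, not silently dropped
{"@origin": "feed.a", "@indicator": "bad.example.test", "message": "update", "type": "domain", "confidence": 90}
"""


def parse_events(text):
    """Parse newline-delimited JSON; return (events, malformed).

    A line is malformed if it is not JSON, lacks an @indicator, or has a
    message other than update/withdraw. Keeping these visible matters:
    a parser that drops them hides feed breakage from the analyst."""
    events, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            malformed.append((lineno, line))
            continue
        if ev.get("message") not in ("update", "withdraw") or not ev.get("@indicator"):
            malformed.append((lineno, line))
            continue
        events.append(ev)
    return events, malformed


def active_indicators(events):
    """Replay events in arrival order.

    Keyed by (origin, indicator) because two feeds may disagree about
    the same value; an update inserts or refreshes the entry (so the
    latest confidence wins), a withdraw removes it."""
    active = {}
    for ev in events:
        key = (ev["@origin"], ev["@indicator"])
        if ev["message"] == "update":
            active[key] = ev
        else:
            active.pop(key, None)
    return active


def lookup(active, indicator):
    """Origins currently asserting an indicator; empty if unknown or withdrawn."""
    return sorted(origin for (origin, ind) in active if ind == indicator)


if __name__ == "__main__":
    events, malformed = parse_events(SAMPLE_EVENTS)
    active = active_indicators(events)
    for (origin, ind), ev in sorted(active.items()):
        print(f"{ind:20} {ev.get('type', '?'):6} conf={ev.get('confidence')} from {origin}")
    print("withdrawn 198.51.100.23 ->", lookup(active, "198.51.100.23"))
    for lineno, line in malformed:
        print(f"malformed line {lineno}: {line[:40]}...")
```

The same replay can be expressed as a Splunk search over the indexed events by grouping on origin and indicator, taking the latest `message` per group, and keeping only groups whose latest message is `update`; matching raw logs against the indicator set without that step would keep alerting on values the feed has already withdrawn.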