Project author: vavarachen

Project description:
Splunk alert app for exporting indicators from Splunk to Anomali ThreatStream.
Primary language: HTML
Project URL: git://github.com/vavarachen/ts_webhook_alert.git
Created: 2018-01-24T15:34:31Z
Project community: https://github.com/vavarachen/ts_webhook_alert

License: Apache License 2.0


ts_webhook_alert

Splunk alert action app for exporting indicators from Splunk to Anomali ThreatStream.

Installation

  1. git clone https://github.com/vavarachen/ts_webhook_alert.git
  2. tar -czf ts_webhook_alert.tar.gz ts_webhook_alert

Upload the tar.gz file to the Splunk Search Head (Apps > Manage Apps > Install app from file).

Configuration

Find the app (“Anomali Threatstream Indicator Export”) and click “Set up”.
[Screenshot: Setup]

Example

Create a Splunk search that outputs indicators, one per result row. Fields such as ‘tag’ and ‘itype’ are optional.

[Screenshot: Splunk Search]

Create an alert from the search.

[Screenshot: Create Alert]

Configure ts_webhook as the alert’s ‘Action’.

[Screenshot: Configure Action]
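As an added example that is not part of the original README, the kind of search the first step calls for: it yields one indicator per row and sets the optional ‘itype’ and ‘tag’ fields, and it goes beyond the README by combining IP and domain indicators in one search. The index names, the ‘src_ip’, ‘query’, ‘action’ and ‘query_category’ fields, the thresholds and the output column name ‘value’ are assumptions (the README does not say which column the app reads the indicator from), while ‘mal_ip’ and ‘mal_domain’ are ThreatStream indicator types.

```spl
(index=firewall action=blocked src_ip=*) OR (index=dns query_category=malicious query=*)
| eval value=coalesce(src_ip, query)
| eval itype=case(isnotnull(src_ip), "mal_ip", isnotnull(query), "mal_domain")
| stats count AS hits, min(_time) AS first_seen, max(_time) AS last_seen BY value itype
| where hits >= 5
| where itype!="mal_ip" OR NOT (cidrmatch("10.0.0.0/8", value) OR cidrmatch("172.16.0.0/12", value) OR cidrmatch("192.168.0.0/16", value))
| eval tag="splunk-alert-export"
| convert ctime(first_seen) ctime(last_seen)
| table value itype tag hits first_seen last_seen
```

The second `where` drops RFC 1918 addresses so that internal hosts are never exported to the threat-intelligence platform; run the search over the intended time range and check its output before saving it as the alert.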