This app is archived. Learn more

SA-SPLICE

SPLICE currently supports STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats and provides a way of consuming IOCs in Splunk to leverage the indicators and provide greater context than common threat feeds. SPLICE can monitor local directories, or mount points, for incoming IOCs as well as TAXII feeds like Soltra Edge to periodically poll IOCs. SPLICE was developed as a proof of concept and relies on a standalone Mongo DB to store the indicators. While SPLICE remains free to use it will probably no more evolve as Splunk Enterprise Security 3.3 now has the same capabilities and also leverage the usage of the KV Store. Splunk Enterprise Security: https://splunkbase.splunk.com/app/263/

Built by Cedric Le Roux

Latest Version 1.3.5

March 31, 2015

Release notes

Compatibility

Not Available

CIM Version: 4.x, 3.x

Rating

0

(0)

Log in to rate this app

Support

Not Supported

Learn more

SPLICE currently supports STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats and provides a way of consuming IOCs in Splunk to leverage the indicators and provide greater context than common threat feeds. SPLICE can monitor local directories, or mount points, for incoming IOCs as well as TAXII feeds like Soltra Edge to periodically poll IOCs. SPLICE was developed as a proof of concept and relies on a standalone Mongo DB to store the indicators. While SPLICE remains free to use it will probably no more evolve as Splunk Enterprise Security 3.3 now has the same capabilities and also leverage the usage of the KV Store. Splunk Enterprise Security: https://splunkbase.splunk.com/app/263/