Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Warning

This app is archived. App archiving documentation

SA-SPLICE app icon

SA-SPLICE

SPLICE currently supports STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats and provides a way of consuming IOCs in Splunk to leverage the indicators and provide greater context than common threat feeds. SPLICE can monitor local directories, or mount points, for incoming IOCs as well as TAXII feeds like Soltra Edge to periodically poll IOCs.

Built by
splunk product badge
screenshot
screenshot
Latest Version 1.3.5
March 31, 2015
Compatibility
Not Available
CIM Version: 4.x, 3.x
Rating

0

(0)

Log in to rate this app
Support
SA-SPLICE support icon
Not Supported
SPLICE currently supports STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats and provides a way of consuming IOCs in Splunk to leverage the indicators and provide greater context than common threat feeds. SPLICE can monitor local directories, or mount points, for incoming IOCs as well as TAXII feeds like Soltra Edge to periodically poll IOCs. SPLICE was developed as a proof of concept and relies on a standalone Mongo DB to store the indicators. While SPLICE remains free to use it will probably no more evolve as Splunk Enterprise Security 3.3 now has the same capabilities and also leverage the usage of the KV Store. Splunk Enterprise Security: https://splunkbase.splunk.com/app/263/

Categories

Created By

Cedric Le Roux

Type

app

Downloads

2,347

Licensing

End User License Agreement for Third-Party Content(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing