Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Collections
Apps
Submit an app
Warning

This app is archived. Learn more

SA-SPLICE app icon

SA-SPLICE

SPLICE currently supports STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats and provides a way of consuming IOCs in Splunk to leverage the indicators and provide greater context than common threat feeds. SPLICE can monitor local directories, or mount points, for incoming IOCs as well as TAXII feeds like Soltra Edge to periodically poll IOCs.

Built by Cedric Le Roux
splunk product badge
screenshot
screenshot
Latest Version 1.3.5
March 31, 2015
Compatibility
Not Available
CIM Version: 4.x, 3.x
Rating

0

(0)

Log in to rate this app
Support
SA-SPLICE support icon
Not Supported
SPLICE currently supports STIX 1.1, CybOX 2.1, OpenIOC 1.0 and 1.1 formats and provides a way of consuming IOCs in Splunk to leverage the indicators and provide greater context than common threat feeds. SPLICE can monitor local directories, or mount points, for incoming IOCs as well as TAXII feeds like Soltra Edge to periodically poll IOCs. SPLICE was developed as a proof of concept and relies on a standalone Mongo DB to store the indicators. While SPLICE remains free to use it will probably no more evolve as Splunk Enterprise Security 3.3 now has the same capabilities and also leverage the usage of the KV Store. Splunk Enterprise Security: https://splunkbase.splunk.com/app/263/

Categories

Created By

Cedric Le Roux

Type

app

Downloads

2,336

Licensing

Splunk Answers

Resources

Log in to report this app listing