Warning

This app is archived.

SA-SPLICE

SPLICE currently supports the STIX 1.1, CybOX 2.1, and OpenIOC 1.0 and 1.1 formats. It provides a way of consuming IOCs in Splunk so that the indicators can be put to use and give greater context than common threat feeds. SPLICE can monitor local directories or mount points for incoming IOCs, and can periodically poll TAXII feeds such as Soltra Edge. SPLICE was developed as a proof of concept and relies on a standalone MongoDB instance to store the indicators. While SPLICE remains free to use, it will probably not evolve further, as Splunk Enterprise Security 3.3 now has the same capabilities and also leverages the KV Store. Splunk Enterprise Security: https://splunkbase.splunk.com/app/263/

Latest Version 1.3.5
March 31, 2015
Compatibility
Not Available
CIM Version: 4.x, 3.x
Support
Not Supported
Created By

Cedric Le Roux

Type

app

Downloads

2,334
