This app is archived.
SPLICE currently supports the STIX 1.1, CybOX 2.1, and OpenIOC 1.0 and 1.1 formats. It provides a way of consuming IOCs in Splunk so that the indicators can be leveraged to provide greater context than common threat feeds. SPLICE can monitor local directories or mount points for incoming IOCs, and can periodically poll TAXII feeds such as Soltra Edge for IOCs. SPLICE was developed as a proof of concept and relies on a standalone MongoDB to store the indicators. While SPLICE remains free to use, it will probably not evolve further, as Splunk Enterprise Security 3.3 now has the same capabilities and also leverages the KV Store. Splunk Enterprise Security: https://splunkbase.splunk.com/app/263/