Obelisk Threat Intel (formerly Optiv) is a Splunk App that automatically correlates your data with several popular open threat lists. After a few mouse clicks we can start hunting for log sources that are reaching out to, or being attacked from, known attackers. The app can provide increased visibility to potentially malicious activity going on in the organization.
Splunk role: App to install
Search head: obelisk-threat-intel
Heavy forwarder: TA_obelisk-threat
*create an "obelisk" index on each indexer
Support is provided as a best effort basis. For best results, post on Splunk Answers. This is an open source app, and the code is posted on GitHub here: https://github.com/ransomvik/optiv_threat_intel
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. See http://www.gnu.org/licenses/
*Re-branded app (no longer Optiv Threat Intel)
*Added a new panel that shows which threat lists are being tracked
*Uses the CIM for Network Traffic on the splash screen
*Improved troubleshooting screen
*Certified for Splunk version 7.2
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.