To report any issues please visit: https://github.com/lukemonahan/TA-otx
This add-on polls the OTX API and indexes pulses, and their related indicators, into Splunk.
You can then use these indicators and pulses as you see fit. However, if you are a Splunk for Enterprise Security user, you should also get the partner app SA-otx, which uses this data to add threat indicators to the Splunk ES threat collections.
To use this add-on:
Soon after this point you should be able to see OTX data by searching:
otx:indicator events contain a pulse_id, which links each event to the id of a corresponding
The input picks up any pulses modified since the last poll, so you may wish to use | dedup id to limit to the latest reported details of an individual