When creating your API client in Cisco Threat Response, it must have the following scopes:
To get a verdict from Threat Response:

```
... | table <field> | threatresponse verdict = <field>
```

To get targets from Threat Response:

```
... | table <field> | threatresponse targets = <field>
```

To get verdicts for observables taken from multiple fields, join the fields into one space-separated field first and pass that field to the command:

```
... | eval <new_field_name> = <first_field>." ".<second_field> | table <new_field_name> | threatresponse verdict=<new_field_name>
```
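The multi-field search above hands the command one space-joined string, so the command has to split it back into typed observables before it can ask Threat Response for verdicts, and the changelog below notes that verdict records do not always carry an `end_time`. The following Python is an added illustration of both steps; it is not the Splunk app's own code or a Cisco SDK. The observable type names, the `{"type": ..., "value": ...}` request shape, the disposition code mapping and the `valid_time.start_time`/`end_time` layout of a verdict record are assumptions based on the Threat Response enrich API as I understand it, and the field value and verdict records are constructed samples.

```python
import re
from typing import Dict, List, Optional

# Patterns used to infer an observable type from a bare token.  The type
# names (ip, domain, url, email, md5, sha1, sha256) are the ones Threat
# Response uses as far as I know; treat the exact set as an assumption.
# Hashes are tested before domains so a hex string is never read as a host.
_PATTERNS = [
    ("sha256", re.compile(r"^[0-9a-f]{64}$", re.I)),
    ("sha1", re.compile(r"^[0-9a-f]{40}$", re.I)),
    ("md5", re.compile(r"^[0-9a-f]{32}$", re.I)),
    ("ip", re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")),
    ("url", re.compile(r"^https?://\S+$", re.I)),
    ("email", re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")),
    ("domain", re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.I)),
]

# Disposition codes as they appear in verdict records (assumed mapping).
DISPOSITIONS = {1: "Clean", 2: "Malicious", 3: "Suspicious", 4: "Common", 5: "Unknown"}


def classify(token: str) -> Optional[str]:
    """Return the observable type for a token, or None if it is not one."""
    for obs_type, pattern in _PATTERNS:
        if pattern.match(token):
            if obs_type == "ip" and any(int(o) > 255 for o in token.split(".")):
                return None  # shaped like an IPv4 address but an octet is out of range
            return obs_type
    return None


def field_to_observables(field_value: str) -> List[Dict[str, str]]:
    """Split the eval-joined field on whitespace and build the observable list
    (the [{"type": ..., "value": ...}] shape assumed for the enrich request).
    Tokens that are not recognised observables are dropped; duplicates collapse."""
    seen = set()
    observables = []
    for token in field_value.split():
        obs_type = classify(token)
        if obs_type is None or (obs_type, token) in seen:
            continue
        seen.add((obs_type, token))
        observables.append({"type": obs_type, "value": token})
    return observables


def verdict_rows(verdicts: List[dict]) -> List[Dict[str, Optional[str]]]:
    """Flatten verdict records into table rows.  .get() is used throughout so a
    record without valid_time.end_time yields None instead of raising KeyError."""
    rows = []
    for v in verdicts:
        observable = v.get("observable") or {}
        valid_time = v.get("valid_time") or {}
        rows.append({
            "observable": observable.get("value"),
            "type": observable.get("type"),
            "disposition": DISPOSITIONS.get(v.get("disposition"), "Unknown"),
            "start_time": valid_time.get("start_time"),
            "end_time": valid_time.get("end_time"),
        })
    return rows


# Constructed sample input: what `eval joined = src_ip." ".dest_host` might
# produce, plus a hash, a non-observable token and a malformed address.
SAMPLE_FIELD = "198.51.100.7 example.test 44d88612fea8a8f36de82e1278abb02f not-an-observable 999.1.1.1"

# Constructed sample of two verdict records; the second carries no end_time.
SAMPLE_VERDICTS = [
    {"type": "verdict", "disposition": 2, "disposition_name": "Malicious",
     "observable": {"type": "ip", "value": "198.51.100.7"},
     "valid_time": {"start_time": "2024-01-01T00:00:00.000Z",
                    "end_time": "2024-01-08T00:00:00.000Z"}},
    {"type": "verdict", "disposition": 5, "disposition_name": "Unknown",
     "observable": {"type": "domain", "value": "example.test"},
     "valid_time": {"start_time": "2024-01-01T00:00:00.000Z"}},
]

if __name__ == "__main__":
    print(field_to_observables(SAMPLE_FIELD))
    for row in verdict_rows(SAMPLE_VERDICTS):
        print(row)
```

Typing the tokens before the request matters for more than correctness: Threat Response only returns verdicts for observables whose type it recognises, so an unclassified token silently produces no row, and the table the command emits is the only place an analyst would notice the gap.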
- Rebranded Cisco Threat Response to Cisco SecureX Threat Response
- Added modules for Python 3 and added the ability to use Python 2 or Python 3 depending on the Splunk version and settings
- Fixed a problem with selecting nonexistent values
- Added support for new types of observables
- Fixed a KeyError raised when a verdict had no `end_time`
- Added response indexing
- Added dashboards
- Added the `target` command
- Added a workflow action to open an investigation in Threat Response
- Alerts users when the API client is missing a needed scope