Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Collections
Apps
Submit an app
TA-IOCWatchList app icon

TA-IOCWatchList

This application provides an IOC watchlist which allows your analysts to manage list of monitored IOCs in self-service manner. This watchlist can be used to: 1) Enrich other lookups 2) Be used as source for your hunting correlation searches 3) Enrich your notables in Splunk ES

Built by
splunk product badge
screenshot
screenshot
screenshot
screenshot
Latest Version 2.1.2
October 11, 2023
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
Rating

0

(0)

Log in to rate this app
Support
TA-IOCWatchList support icon
Developer Supported addon
This application provides an IOC watchlist which allows your analysts to manage list of monitored IOCs in self-service manner. This watchlist can be used to: 1) Enrich other lookups 2) Be used as source for your hunting correlation searches 3) Enrich your notables in Splunk ES See the documentation for more information about using the "IOC Watchlist" dashboard (https://github.com/fkolacek/TA-IOCWatchList/wiki). Audit trail: index=`ioc_watchlist_index` sourcetype=`ioc_watchlist_sourcetype` | table _time, user, action, indicator, type, expire, reference, reason | sort -_time

Categories

Created By

Frantisek Kolacek

Source Code

Type

addon

Downloads

1,604

Licensing

Splunk Answers

Resources

Log in to report this app listing