Warning
Splunkbase Classic has been deprecated and will be deactivated on February 18, 2026.
Warning

This app is archived. App archiving documentation

TA-IOCWatchList app icon

TA-IOCWatchList

This application provides an IOC watchlist which allows your analysts to manage list of monitored IOCs in self-service manner. This watchlist can be used to: 1) Enrich other lookups 2) Be used as source for your hunting correlation searches 3) Enrich your notables in Splunk ES

Built by
splunk product badge
screenshot
screenshot
screenshot
screenshot
Latest Version 2.1.2
October 11, 2023
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
Rating

0

(0)

Log in to rate this app
Support
TA-IOCWatchList support icon
Not Supported
This application provides an IOC watchlist which allows your analysts to manage list of monitored IOCs in self-service manner. This watchlist can be used to: 1) Enrich other lookups 2) Be used as source for your hunting correlation searches 3) Enrich your notables in Splunk ES See the documentation for more information about using the "IOC Watchlist" dashboard (https://github.com/fkolacek/TA-IOCWatchList/wiki). Audit trail: index=`ioc_watchlist_index` sourcetype=`ioc_watchlist_sourcetype` | table _time, user, action, indicator, type, expire, reference, reason | sort -_time

Categories

Security, Fraud & Compliance

Created By

Frantisek Kolacek

Source Code

TA-IOCWatchList(Opens new window)

Type

addon

Downloads

1,670

Licensing

MIT(Opens new window)

Splunk Answers

Ask a question about this app listing(Opens new window)

Resources

Log in to report this app listing