This add-on collects threat indicators published by AusCERT and indexes them in Splunk. It can collect indicators from the AusCERT malware and phishing feeds. It runs as a modular input that gathers the data from the AusCERT API; a valid AusCERT API key is required. Additionally, a scheduled search, disabled by default, will push these indicators into the Splunk Enterprise Security threat intelligence framework. Enable this saved search if you are running this add-on with Splunk ES. The author of this add-on is not associated with AusCERT and cannot support the use of the API: please contact AusCERT directly for any API issues.