QSentry is a consumable feed of anonymization and threat actor IP addresses sourced from the Deep and Dark Web and Qintel’s proprietary research. The IPs in the feed are associated with infrastructure actively utilized or abused by cyber criminals, including VPN/Proxy services and IP addresses linked to the malicious infrastructure of criminal and nation-state actors. With this integration, users can fetch a daily list of newly compiled indicators from QSentry’s collections. The Qintel QSentry Technology Add-on allows you to ingest the Qintel QSentry feed into a key-value store in Splunk so that your log data can be enriched automatically or at search time.