RST Threat Feed App for Splunk

This app provides integration of Splunk with RST Threat Feed. It is shipped with health reports and dashboards and also includes sample detection rules. This threat intelligence feed covers multiple categories of indicators including Phishing, Web Attacks, C2 Servers, Botnet, Malware, TOR nodes, Scanning Hosts, Bad Bots, DDoS, Cryptomining, Spamming Hosts, Fraud and other types. It includes the following types of indicators: IP, Domain, URL, md5, sha1, sha256 Each indicator has an individual score calculated based on its actuality and risk: what type of the indicators it is, who is the reporter of the indicators, how many others are already aware of that indicator, was that indicator exposed previously and many other contributing factors. A trial key can be obtained from https://www.rstcloud.com/#free-trial

Built by Yury Sergeev

Latest Version 1.0.4

January 22, 2025

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0

CIM Version: 6.x, 5.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported app

Ranking

#46

in Threat Intel

This app provides integration of Splunk with RST Threat Feed. It is shipped with health reports and dashboards and also includes sample detection rules. This threat intelligence feed covers multiple categories of indicators including Phishing, Web Attacks, C2 Servers, Botnet, Malware, TOR nodes, Scanning Hosts, Bad Bots, DDoS, Cryptomining, Spamming Hosts, Fraud and other types. It includes the following types of indicators: IP, Domain, URL, md5, sha1, sha256 Each indicator has an individual score calculated based on its actuality and risk: what type of the indicators it is, who is the reporter of the indicators, how many others are already aware of that indicator, was that indicator exposed previously and many other contributing factors. A trial key can be obtained from https://www.rstcloud.com/#free-trial