This app integrates Splunk with RST Threat Feed. It ships with health reports and dashboards, and also includes sample detection rules.

The threat intelligence feed covers multiple categories of indicators, including Phishing, Web Attacks, C2 Servers, Botnet, Malware, TOR nodes, Scanning Hosts, Bad Bots, DDoS, Cryptomining, Spamming Hosts, Fraud and other types. It includes the following types of indicators: IP, Domain, URL, md5, sha1, sha256.

Each indicator has an individual score calculated from its actuality and risk: what type of indicator it is, who reported it, how many others are already aware of it, whether it was exposed previously, and many other contributing factors.

A trial key can be obtained from https://www.rstcloud.com/#free-trial