Resecurity TAXII 2.x IOC Input

The app enables streamlined ingestion of Indicators of Compromise (IOCs) from TAXII 2.x feeds directly into Splunk. It solves the common challenge of operationalizing external threat intelligence: pulling structured threat data on a schedule, normalizing it, and making it instantly searchable for detection, investigation, and reporting. With a simple setup page for global settings and a lightweight modular input per collection, the app continuously collects new IOCs using incremental checkpoints, so you only ingest what’s changed. Built‑in pagination, retry/backoff, and time handling ensure reliable operation, while you control where data lands (index/sourcetype) and how far back to fetch on first run. Highlights - Direct TAXII 2.x ingestion into Splunk - Incremental updates with durable checkpoints (no duplicate floods) - Configurable initial lookback window and collection‑level inputs - Works with customer‑defined index, sourcetype, and interval - Ready‑to‑search IOC fields (indicator, indicator_type, STIX metadata) - Robust handling for pagination and transient HTTP errors (429/5xx) Use cases - Enrich detections with current domain/IP/hash IOCs - Power investigations and threat hunting with up‑to‑date intel - Feed dashboards and alerts with high‑fidelity threat indicators