Datavira Add-on for USOM Threat Intelligence

Integrates Turkey's USOM (TR-CERT) threat intelligence API into Splunk, producing IP, IPv6, domain, and URL lookup tables and optionally pushing IOCs to Enterprise Security.

Built by Suat Celikok

Latest Version 1.0.1
June 1, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.4, 9.3, 9.2, 9.1, 9.0
Rating

5 (2)

Support
Developer Supported addon
The USOM Threat Intelligence add-on integrates the Turkish Cybersecurity Presidency's TR-CERT threat-intelligence API into Splunk. It polls the USOM REST API on a configurable schedule and produces five lookup tables containing indicators of compromise: IP addresses, IPv6 addresses, IPv6 networks, domains, and URLs. The add-on resolves USOM's short threat-classification codes to English titles using companion API endpoints. For environments running Splunk Enterprise Security 7.0 or later, the add-on includes optional threatlist:// inputs that push these lookups into ES's threat intelligence framework for automated correlation. The add-on emits operational logs and per-cycle statistics events to aid monitoring and troubleshooting. On Search Head Clusters, the modular input automatically runs only on the captain and replicates lookup tables to members via bundle replication.

Categories

Utilities, Threat Intel

Created By

Suat Celikok

Type

addon

Downloads

2
