Summary * (min 80 / max 3000)
vCISO Threat Intel brings the open threat intelligence from vciso.au directly into Splunk, with no API key required. It ingests the full community feed into a single index with clean, per-source sourcetypes, so your analysts can search and write correlation rules per data type.
It pulls:
IOC indicators (IPs, domains, URLs, file hashes) from the aggregated public feed: 180,000+ indicators, refreshed continuously.
Ransomware leak-site victims (organisation, threat actor/group, country, sector, dates).
Security news and threat-intel articles.
Vendor advisories and CVEs.
Dark-web marketplace listings (metadata only: no .onion addresses, no stolen data).
Two modular inputs do the work: a public Community Intel input (no key) and an IOC feed input. Members of vciso.au can paste a personal feed key to also include their own saved indicators, but no account is needed for the public data.
The app ships five ready-made dashboards, each with a time-range picker: IOCs, Ransomware, Security News, Advisories, and Darkweb & Marketplaces. Everything lands in the vciso_iocs index under per-category sourcetypes (vciso:ioc, vciso:victim, vciso:news, vciso:advisory, vciso:darkweb), so you can build alerts, lookups and correlation searches on exactly the data you need. Free for the security community.