Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk ES Threat Intelligence TAXII feed with API POST Argument

elend
Path Finder
‎08-12-2024 09:48 PM

Did someone ever faced or implementing this on Splunk ES?. Im facing an issue when try add TAXII feed from OTX API connection,

i already check the connectivity, and made some changes on the configuration until disable the prefered captain on my search head, but it still not resolved. I also know there is an app for this, but just want to clarify are this option still supported or not.

Here my POST argument

URL: https://otx.alienvault.com/taxii/discovery
POST Argument: collection="user_otx" taxii_username="API key" taxii_password="foo"

But the download status keep on TAXII feed pooling starting, and when i check on the PID information 

status="This modular input does not execute on search head cluster member" msg="will_execute"="false" config="SHC" msg="Deselected based on SHC primary selection algorithm" primary_host="None" use_alpha="None" exclude_primary="None"

 

Tags (2)
0 Karma
Reply

JohnEGones
Communicator
‎08-13-2024 08:02 AM

Hi,

Did you consult this page? 

https://docs.splunk.com/Documentation/ES/7.3.2/Admin/Downloadthreatfeed

 

Reply

elend
Path Finder
‎08-13-2024 09:30 AM

yes, I already follow that source too.

0 Karma
Reply
Get Updates on the Splunk Community!

What’s New in Splunk Observability Cloud – June 2025

What’s New in Splunk Observability Cloud – June 2025 We are excited to announce the latest enhancements to ...

Almost Too Eventful Assurance: Part 2

Work While You SleepBefore you can rely on any autonomous remediation measures, you need to close the loop ...

Leveraging Detections from the Splunk Threat Research Team & Cisco Talos

 Stay ahead of today’s evolving threats with the combined power of the Splunk Threat Research Team (STRT) and ...
OSZAR »