Splunk alert app for exporting indicators from Splunk to Anomali ThreatStream.

vavarachen/ts_webhook_alert
ts_webhook_alert

Splunk alert action app for exporting indicators from Splunk to Anomali ThreatStream.

Installation

git clone https://github.com/vavarachen/ts_webhook_alert.git

tar -czf ts_webhook_alert.tar.gz ts_webhook_alert

Upload the tar.gz file to the Splunk Search Head (Apps > Manage Apps > Install app from file).

Configuration

Find the app ("Anomali Threatstream Indicator Export") and click "Set up".

[Screenshot: Setup]

Example

Create a Splunk search that outputs indicators. Fields such as 'tag' and 'itype' are optional.

[Screenshot: Splunk Search]

Create an alert from the search.

[Screenshot: Create Alert]

Configure ts_webhook as 'Action'.

[Screenshot: Configure Action]
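As an added example, not the project's own code, here is a minimal handler in the shape Splunk gives a custom alert action: Splunk runs the script with --execute and passes one JSON object on stdin whose 'result' key is the search row that fired. The handler reads the indicator fields, treats 'tag' and 'itype' as optional as the README says, and builds the record that would be sent to the ThreatStream webhook; the field names 'value', 'itype' and 'tag', the 'webhook_url' setup key and the sample payload are assumptions.

```python
import json
import re
import sys
from ipaddress import ip_address
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)
HASH_RE = re.compile(r"[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}", re.I)

def classify(value):
    """Best-effort indicator type, used only when a row has no 'itype'."""
    try:
        ip_address(value)
        return "ip"
    except ValueError:
        pass
    if DOMAIN_RE.match(value):
        return "domain"
    if HASH_RE.fullmatch(value):
        return "hash"
    return None

def build_indicator(result):
    """Turn one Splunk row (fields 'value'/'itype'/'tag' assumed) into an export record, or None."""
    value = (result.get("value") or "").strip()
    if not value:
        return None
    itype = result.get("itype") or classify(value)  # 'itype' is optional
    if itype is None:
        return None  # untyped and unclassifiable: do not export blindly
    record = {"value": value, "itype": itype}
    tags = result.get("tag")  # 'tag' is optional too
    if tags:
        record["tags"] = [t.strip() for t in tags.split(",") if t.strip()]
    return record

def handle_alert(payload):
    """Splunk runs the script with --execute and passes one JSON object on stdin:
    'result' is the row that fired, 'configuration' the setup-form values (key name assumed)."""
    config = payload.get("configuration", {})
    record = build_indicator(payload.get("result", {}))
    return {"webhook_url": config.get("webhook_url"), "indicator": record}

# Constructed sample in the shape Splunk sends to a custom alert action.
SAMPLE_PAYLOAD = {
    "configuration": {"webhook_url": "https://ts.example.invalid/webhook"},
    "result": {"value": "evil.example.com", "itype": "domain", "tag": "c2"},
}

if __name__ == "__main__":
    src = json.load(sys.stdin) if "--execute" in sys.argv else SAMPLE_PAYLOAD
    print(json.dumps(handle_alert(src)))  # what would be posted to the webhook
```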
