Add a new threat list
This page is currently a work in progress. Any information presented here might be incomplete or incorrect, and frequent near-term updates are expected.
When the Splunk App for Enterprise Security detects traffic from a site listed in the threat list lookup files, it creates a notable event that shows up on the Incident Review dashboard. For the threat lists to be effective, their content needs to be kept up to date with the latest information. When the threat lists provided with the Splunk App for Enterprise Security are configured with proxy information, they automatically update as new information becomes available.
You may want to add a new threat list with additional information about malicious sites to your existing set of threat lists.
(scenario to come)
This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1