Splunk® Enterprise Security

Use Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Add a new threat list

This page is currently a work in progress. Any information presented here might be incomplete or incorrect, and frequent near-term updates are expected.

When the Splunk App for Enterprise Security detects traffic from a site listed in the threat list lookup files, it creates a notable event that shows up on the Incident Review dashboard. For the threat lists to be effective, their content needs to be kept up to date with the latest information. When the threat lists provided with the Splunk App for Enterprise Security are configured with proxy information, they automatically update as new information becomes available.

You may want to add a new threat list with additional information about malicious sites to your existing set of threat lists.

(scenario to come)

Last modified on 02 December, 2013

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0, 3.0.1

