Available open intelligence sources for Splunk Enterprise Security
Open intelligence sources are sources that are freely available without any subscription requirement. Use the following table to find the supported observable types for each open intelligence source:
Intelligence source | Update type | Update frequency | Supported observable types |
---|---|---|---|
URLHaus | Feed-based | 60 minutes |
|
Abuse SSL IP Blacklist | Feed-based | 15 minutes |
|
Available premium intelligence sources for Splunk Enterprise Security | Available threat intelligence and generic intelligence sources included in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 8.0.0, 8.0.1
Feedback submitted, thanks!