Troubleshoot Threat Intelligence Management in Splunk Mission Control
To find troubleshooting steps for resolving issues you might face with Threat Intelligence Management in Splunk Mission Control, see the following list:
- Error message: Intelligence modular input is disabled
- SA-ThreatIntelligence `notable` macro is inactive
Error message: Intelligence modular input is disabled
In Splunk Mission Control, there are two modular inputs used to get intelligence from Threat Intelligence Management. The two modular inputs, Mission Control - Retrieve IM Indicators and Mission Control - Parse IM indicators, are active by default.
If you see an error message in Splunk Mission Control about deactivated modular inputs, complete the following steps to check for and activate the necessary modular inputs.
- Select the Settings tab in Splunk Web.
- In the Data section, select Data inputs.
- Select Mission Control - Retrieve IM Indicators for the local input.
- Select Enable in the Status field.
- Return to the Data inputs page and select Mission Control - Parse IM indicators files.
- Select Enable in the Status field.
After you activate the modular inputs for Splunk Mission Control, you can access threat intelligence data in the Intelligence tab of your incident investigation. To learn more about what you can do with Threat Intelligence Management, see Get started with Threat Intelligence Management in Splunk Mission Control.
SA-ThreatIntelligence `notable` macro is inactive
With the `notable` macro from SA-ThreatIntelligence, the Threat Intelligence Supporting Add-on (SA), you can create a notable event in Splunk Enterprise Security and its respective incident in Splunk Mission Control. In a Splunk Enterprise Security search head environment, the `notable` macro from SA-ThreatIntelligence is active by default, but users can activate or deactivate the macro through the Splunk Web menu.
The `notable` macro from SA-ThreatIntelligence is not the same as the `notable` macro from DA-ESS-ContentUpdate, the Splunk Enterprise Security Domain Add-on.
If the `notable` macro from SA-ThreatIntelligence is inactive, you can reactivate it by following these steps:
- In the Splunk Web menu, select Settings and then Advanced search.
- Select Search macros.
- Using the drop-down list, select SA-ThreatIntelligence for the App.
- Locate the notable search macro in the table. You can filter the table results using the search bar.
- For the notable search macro, select Enable.
To learn more about search macros specific to Splunk Mission Control, see Use search macros in Splunk Mission Control.
This documentation applies to the following versions of Splunk® Mission Control: Current