Skip to content

vavarachen/ts_webhook_alert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
README
README
 
 
appserver/static
appserver/static
 
 
bin
bin
 
 
default
default
 
 
metadata
metadata
 
 
resources
resources
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
_config.yml
_config.yml
 
 

Repository files navigation

ts_webhook_alert

Splunk alert action app for exporting indicators from Splunk to Anomali ThreatStream.

Installation

git clone https://github.com/vavarachen/ts_webhook_alert.git

tar -czf ts_webhook_alert.tar.gz ts_webhook_alert

Upload the tar.gz file to Splunk Search Head (Apps > Manage Apps > Install app from file)

Configuration

Find app ("Anomali Threatstream Indicator Export") and click "Set up" Setup

Example

Create a Splunk search which outputs indicators. Fields like 'tag', 'itype' are optional.

Splunk Search

Create an alert from the search.

Create Alert

Configure ts_webhook as 'Action'.

Configure Action

About

Splunk alert app for exporting indicators from Splunk to Anomali ThreatStream.

Topics

python splunk threat-intelligence splunk-alert

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages