Why
Not every company has the same data in its Splunk system, so file hashes or other IoC data types may not be needed in the system. However, each IoC data type costs Splunk index volume, download and processing time, and disk space.
What
Every available IoC data type should be selectable via the web interface, and only the activated data types should be downloaded and processed. The default types should be selected, and the rest should be available via an advanced settings button.
The following IoC data types are available in the TIE and should be usable:
Default activated:
How