nheijmans / malzoo

Mass static malware analysis tool
https://www.sans.org/reading-room/whitepapers/threathunting/automated-analysis-abuse-mailbox-employees-malzoo-37207
GNU General Public License v2.0
91 stars 29 forks

Support customizing Splunk sourcetype - Feature Request #9

Closed: tcwaddell closed this issue 6 years ago

tcwaddell commented 6 years ago

Malzoo uses a hardcoded sourcetype in the Splunk tool. It would be easier to integrate Malzoo with Splunk if this could be specified in the configuration file.

https://github.com/nheijmans/malzoo/blob/a598dabcc36e44f3ec0ab6a4b16924ac7be17c7d/malzoo/core/tools/splunk.py#L14-L19

nheijmans commented 6 years ago

3acd21d contains the update suggestion!