remg427 / misp42splunk

A Splunk app to use MISP in background
GNU Lesser General Public License v3.0

Integration of MISP with Splunk Cloud #169

Closed narendrahm closed 3 years ago

narendrahm commented 3 years ago

Is there any way to integrate MISP with Splunk Cloud?

gregzee commented 3 years ago

I see that a few versions are compatible for Splunk Cloud, but there isn't any documentation on this particular integration.

remg427 commented 3 years ago

Hi, misp42splunk is designed to be on a SH: it has custom commands and 2 alert actions. No data is ingested via forwarder. I am working on a cleaner version with a lookup to manage MISP instances.

gregzee commented 3 years ago

@remg427

I was under the impression we can pull IOC/Threat Intel from MISP into Splunk/Splunk Cloud. If it is still on the SH, is it still possible?

I am assuming with the custom commands we can pull from MISP, but would like to verify. Thank you for the reply.

Thanks!

remg427 commented 3 years ago

Version 4 should pass the cloud vetting process. To pull data from MISP you can use custom commands, and alert actions to push data. In version 4 there is also a wrapper for the MISP API, misprest, provided you build a valid JSON request.
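As an added illustration of the "valid JSON request" mentioned above (example code, not part of misp42splunk or this thread): the body below uses standard MISP `/attributes/restSearch` parameters (`returnFormat`, `type`, `last`, `to_ids`, `enforceWarninglist`, `limit`), and the second function flattens a constructed sample of the restSearch response into rows shaped for a Splunk lookup. The sample response, field names and the `misp_` column prefix are assumptions for the example.

```python
import json

# Constructed, trimmed sample of a MISP /attributes/restSearch JSON response.
SAMPLE_RESPONSE = {
    "response": {
        "Attribute": [
            {"id": "101", "event_id": "7", "type": "ip-dst", "value": "203.0.113.9",
             "to_ids": True, "timestamp": "1606100000",
             "Event": {"info": "constructed event"}},
            {"id": "102", "event_id": "7", "type": "domain", "value": "example.invalid",
             "to_ids": False, "timestamp": "1606100100",
             "Event": {"info": "constructed event"}},
        ]
    }
}


def build_restsearch_body(types, last="1d", to_ids=True, limit=1000):
    """Return the dict to POST to /attributes/restSearch (standard MISP parameters)."""
    return {
        "returnFormat": "json",
        "type": list(types),            # e.g. ["ip-dst", "domain"]
        "last": last,                   # relative window: "1d", "7d", ...
        "to_ids": to_ids,               # only attributes flagged for detection use
        "enforceWarninglist": True,     # drop values on MISP warninglists (known benign)
        "limit": limit,                 # keep pulls bounded on a search head
    }


def attributes_to_lookup_rows(response):
    """Flatten restSearch JSON into flat rows suited to a Splunk lookup (assumed column names)."""
    rows = []
    for attr in response.get("response", {}).get("Attribute", []):
        rows.append({
            "misp_value": attr["value"],
            "misp_type": attr["type"],
            "misp_event_id": attr["event_id"],
            "misp_to_ids": int(bool(attr.get("to_ids", False))),
            "misp_timestamp": int(attr["timestamp"]),
            "misp_event_info": attr.get("Event", {}).get("info", ""),
        })
    return rows


if __name__ == "__main__":
    print(json.dumps(build_restsearch_body(["ip-dst", "domain"]), indent=2))
    for row in attributes_to_lookup_rows(SAMPLE_RESPONSE):
        print(row)
```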

remg427 commented 3 years ago

Version 4.0.0 has been vetted for deployment on Splunk Cloud. Products: Splunk Enterprise, Splunk Cloud. Splunk versions: 8.1, 8.0.

narendrahm commented 3 years ago

That's great work, thank you.

Regards Narendra

On Mon, Nov 23, 2020 at 6:31 PM Rémi Séguy notifications@github.com wrote:

Closed #169 https://github.com/remg427/misp42splunk/issues/169.
