Closed narendrahm closed 3 years ago
I see that a few versions are compatible for Splunk Cloud, but there isn't any documentation on this particular integration.
Hi, misp42splunk is designed to be on a SH: it has custom commands and 2 alert actions. No data is ingested via forwarder. I am working on a cleaner version with a lookup to manage MISP instances.
@remg427
I was under the impression we can pull IOC/Threat Intel from MISP into Splunk/Splunk Cloud. If it is still on the SH, is it still possible?
I am assuming with the custom commands we can pull from MISP, but would like to verify. Thank you for the reply.
Thanks!
Version 4 should pass the cloud vetting process. To pull data from MISP you can use custom commands, and alert actions to push data. In version 4 there is also a wrapper for the MISP API, misprest, provided you build a valid JSON request.
Version 4.0.0 has been vetted for deployment on Splunk Cloud.
Products: Splunk Enterprise, Splunk Cloud
Splunk Versions: 8.1, 8.0
That's great work, thank you.
Regards Narendra
On Mon, Nov 23, 2020 at 6:31 PM Rémi Séguy notifications@github.com wrote:
Closed #169 https://github.com/remg427/misp42splunk/issues/169.
Is there any way to integrate MISP with Splunk Cloud