Why
Not every company has the same data in its Splunk system, so file hashes or other IoC data types may not be needed in the system. However, each IoC data type costs Splunk index volume, download and processing time, and disk space.
What
Every available IoC data type should be selectable via the web interface, and only the activated data types should be downloaded and processed. The default should be selected and the rest should be available via an advanced setting button.
The following IoC data types are available in the TIE and should be usable:
Domain Name
IPv4
IPv6
E-Mail
ExactHash
URL (verbatim)
URL (regex)
SSDEEP
PEHASH
Filesize
Filename
YaraRule
YaraString
Default activated:
Domain Name
IPv4
IPv6
E-Mail
ExactHash
URL (verbatim)
URL (regex)
How
Add parameter to tie2index.py script
Add parameter to web configuration
Test
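
A sketch of the first "How" step, added here as an example and not taken from tie2index.py: a command-line option that validates the requested IoC data types against the list above, falls back to the proposed defaults, and reports what was skipped. The `--ioc-types` option name, the `data_type`/`value` record fields and the sample records are assumptions.

```python
import argparse
from collections import Counter

# IoC data types as listed in the issue; the first seven are its proposed defaults.
ALL_TYPES = ["Domain Name", "IPv4", "IPv6", "E-Mail", "ExactHash",
             "URL (verbatim)", "URL (regex)", "SSDEEP", "PEHASH",
             "Filesize", "Filename", "YaraRule", "YaraString"]
DEFAULT_TYPES = ALL_TYPES[:7]
_CANONICAL = {t.lower(): t for t in ALL_TYPES}


def parse_types(value):
    """Comma-separated list -> canonical type names; unknown names are rejected."""
    selected = []
    for raw in filter(None, (part.strip() for part in value.split(","))):
        name = _CANONICAL.get(raw.lower())
        if name is None:
            raise argparse.ArgumentTypeError(f"unknown IoC data type {raw!r}")
        if name not in selected:
            selected.append(name)
    if not selected:
        raise argparse.ArgumentTypeError("select at least one IoC data type")
    return selected


def build_parser():
    parser = argparse.ArgumentParser(description="IoC data type selection sketch")
    # --ioc-types is a hypothetical option name, not an existing tie2index.py flag.
    parser.add_argument("--ioc-types", type=parse_types, default=list(DEFAULT_TYPES))
    return parser


def filter_iocs(records, enabled):
    """Return the records to index and a per-type count of the skipped ones."""
    enabled = set(enabled)
    kept = [r for r in records if r["data_type"] in enabled]
    skipped = Counter(r["data_type"] for r in records if r["data_type"] not in enabled)
    return kept, skipped


# Constructed sample records; the field names are assumptions, not the TIE schema.
SAMPLE = [
    {"data_type": "IPv4", "value": "192.0.2.10"},
    {"data_type": "Filename", "value": "constructed-sample.bin"},
    {"data_type": "YaraString", "value": "constructed-sample-string"},
]

if __name__ == "__main__":
    print(filter_iocs(SAMPLE, build_parser().parse_args().ioc_types))
```

Rejecting unknown names at parse time keeps a typo in the configuration from silently disabling a data type that detections depend on.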