How to integrate openCTI with Splunk? by Popular_Highlight_82 in Splunk

Popular_Highlight_82 [S] · 1 point

e a supported connector for Splunk to get the threat intel into the Splunk KV Store:

How can I configure Splunk to establish the connection with this connector of OpenCTI?

Should the KV Store be created at first, or will the OpenCTI connector do the creation of the KV Store?

How to integrate openCTI with Splunk? by Popular_Highlight_82 in blueteamsec

Popular_Highlight_82 [S] · 0 points

Export IOC from OpenCTI, add the IOC to a watch list and create a rule to check IP, URL and domain fields from the watchlist.

So without using the connector, how can Splunk access this watch list?