Note: This Add-on does not work in a cluster environment. It only works on Splunk Enterprise and a single instance of Splunk Cloud. I am working to fix the issue related to it not working in a cluster environment.

This Add-on collects IPs, URLs and domains from well-known open-source websites that threat intelligence analysts or cyber security centres can use to better correlate their use cases or searches. It is needed by any security team that does not use MISP and needs to retrieve open-source IPs, URLs and domains.

The Add-on downloads IPs, domains, URLs and phishing domains from the Proofpoint IP blocklist, the Abuse CNC blocklist, URLhaus, OpenPhish, the DigitalSide Threat-Intel repo FQDN domains, the Mitchell Krogza GitHub phishing domain lists and the Romain Marcoux GitHub phishing domain lists. All these lists are cleaned and placed into a CSV file that can be used for correlation once the user has created a new input after installation.