Threat Intelligence Input
- Shirly Tsang
Analytics
Go to Infoblox App For Splunk >Inputs.
Click on Create New input > Threat Intelligence
Provide all parameters shown in the following table.
Click on the Add button.
If the user clicks on historical data and provides start date time then data collection will start from that date to current date.
Click on the save button.
NOTE: For Threat Intelligence Input, there is a checkpoint mechanism implemented for both historical as well as latest data collection to avoid data duplication in Splunk. Also that checkpoint will be deleted on deleting the corresponding input.
Parameters | Type | Description |
Name | Textbox | A name to uniquely identify the input. |
Interval | Textbox | Time interval for input in seconds. Default = 3600 |
Index | Dropdown | The index in which data should be collected. Only required if "Collection Type" is set to "Index". Default = “default” |
Infoblox Account | Dropdown | Select the Infoblox account for which you want to collect data. |
Threat Level | Textbox | The add-on will collect data for the specified threat level or higher. |
Confidence Level | Textbox | The add-on will collect data for the specified confidence level or higher. |
Historical Data | CheckBox | Select if you want to collect historical data. |
Start Date Time | TextBox | NOTE : Only appears if you click on the Historic Data checkbox. |