Kaspersky Threat Feed App for Splunk Cloud™ is an application for integrating Kaspersky Threat Data Feeds with Splunk Cloud. You can use the application for the following:
Downloading Kaspersky Threat Data Feeds, converting them to CSV format, and importing them into Splunk Cloud.
Looking up indicators (URLs, IPv4 addresses, domains, host names, and MD5, SHA-1, and SHA-256 hashes of malicious files) in Kaspersky Threat Data Feeds.
Matching observables from incoming events against the feeds on a regular basis. The observables are matched by using the Splunk® Alerts feature for ongoing monitoring and discovery of additional contextual evidence for security incidents.