About Kaspersky Threat Feed App for Splunk

Kaspersky Threat Feed App for Splunk is an app for Splunk® provided by Kaspersky Lab. You can use the features of the app for the following:

• Downloading Kaspersky Threat Data Feeds, converting them to CSV format, and importing them to Splunk
• Looking up indicators (URLs, IP addresses, and MD5, SHA1, SHA256 hashes) in Kaspersky Threat Data Feeds

  You can look up either a single indicator, or indicators that are contained in log files.

  Kaspersky Threat Feed App for Splunk provides macros for creating lookup requests and alerts in Splunk.

• Configuring Kaspersky Threat Feed App for Splunk

In this section Distribution kit Search macros Software and hardware requirements Feeds from Kaspersky Lab

Page top