Kaspersky Threat Feed App for Splunk is distributed as an archive named Kaspersky-Threat-Feed-App-for-Splunk.tar.gz. The contents of the archive are described in the following table.
Kaspersky Threat Feed App for Splunk package contents

| Item | Description |
| --- | --- |
| kl_feed_for_splunk.py | Utility for downloading and converting Kaspersky Threat Data Feeds. |
| kl_feed_for_splunk.conf | Configuration file for kl_feed_for_splunk.py. |
| macros.conf | File that contains the macros used for looking up indicators. |
| savedsearches.conf | Alert that writes a notification to the Triggered alerts window in Splunk when the feeds have not been updated in the last calendar day. The alert name is |
The distribution archive also contains other service files.