All,
I just enabled a threat list in Splunk ES. First time. I guess it's working, no error message.
emerging_threats_compromised_ip_blocklist
threatlist Emerging Threats compromised IPs blocklist
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
How do I test this? How can I generate an event against it?