I have a few files with a ton of signatures indicating a malicious actor. The files consist of MD5 hashes, file sizes, filenames, and SHA256 hashes. I'd like to make a dashboard with reports checking for these indicators, but there are hundreds of them and I don't want to hand jam. Is there a way to point to the file and have Splunk parse the documents to check for indicators?