I am a beginner level Splunk user. I am currently on a project where I will feed STIX format threat intelligence data in Splunk in order to use Splunk for analytics. I understand that I will need SA-SPLICE to start with, a Splunk app. But is there any detailed documentation on how to configure SA-SPLICE and how to pull the data in? Any information is welcome!
↧