[malware-filter Update botnet_ip.csv]
cron_schedule = */15 * * * *
description = Update lookup every 15 minutes from 00:00
# https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Collect#Events_without_timestamps
dispatch.earliest_time = 0
enableSched = 0
schedule_window = 5
search = | getbotnetip\
| outputlookup override_if_empty=false botnet_ip.csv
[malware-filter Update botnet-filter-splunk.csv]
cron_schedule = 0 */12 * * *
description = Update lookup every 12 hours from 00:00
dispatch.earliest_time = 0
enableSched = 0
schedule_window = 60
search = | getbotnetfilter\
| outputlookup override_if_empty=false botnet-filter-splunk.csv
[malware-filter Update opendbl_ip.csv]
cron_schedule = */15 * * * *
description = Update lookup every 15 minutes from 00:00
dispatch.earliest_time = 0
enableSched = 0
schedule_window = 5
search = | getopendbl\
| outputlookup override_if_empty=false opendbl_ip.csv
[malware-filter Update phishing-filter-splunk.csv]
cron_schedule = 0 */12 * * *
description = Update lookup every 12 hours from 00:00
dispatch.earliest_time = 0
enableSched = 0
schedule_window = 60
search = | getphishingfilter\
| outputlookup override_if_empty=false phishing-filter-splunk.csv
[malware-filter Update pup-filter-splunk.csv]
cron_schedule = 0 */12 * * *
description = Update lookup every 12 hours from 00:00
dispatch.earliest_time = 0
enableSched = 0
schedule_window = 60
search = | getpupfilter\
| outputlookup override_if_empty=false pup-filter-splunk.csv
[malware-filter Update urlhaus-filter-splunk-online.csv]
cron_schedule = 0 */12 * * *
description = Update lookup every 12 hours from 00:00
dispatch.earliest_time = 0
enableSched = 0
schedule_window = 60
search = | geturlhausfilter\
| outputlookup override_if_empty=false urlhaus-filter-splunk-online.csv
[malware-filter Update vn-badsite-filter-splunk.csv]
cron_schedule = 0 */12 * * *
description = Update lookup every 12 hours from 00:00
dispatch.earliest_time = 0
enableSched = 0
schedule_window = 60
search = | getvnbadsitefilter\
| outputlookup override_if_empty=false vn-badsite-filter-splunk.csv