splunk-malware-filter/default/transforms.conf

[urlhaus-filter-splunk-online]
case_sensitive_match = 1
filename = urlhaus-filter-splunk-online.csv
max_matches = 1

[phishing-filter-splunk]
case_sensitive_match = 1
filename = phishing-filter-splunk.csv
max_matches = 1

[pup-filter-splunk]
case_sensitive_match = 1
filename = pup-filter-splunk.csv
max_matches = 1

[vn-badsite-filter-splunk]
case_sensitive_match = 1
filename = vn-badsite-filter-splunk.csv
max_matches = 1

[botnet-filter-splunk]
case_sensitive_match = 1
filename = botnet-filter-splunk.csv

[botnet_ip]
case_sensitive_match = 1
filename = botnet_ip.csv

[opendbl_ip]
case_sensitive_match = 1
filename = opendbl_ip.csv
min_matches = 1
default_match = none
match_type = CIDR(cidr_range)
feat: add lookup definition 2023-02-04 06:38:50 +00:00			`[urlhaus-filter-splunk-online]`
			`case_sensitive_match = 1`
			`filename = urlhaus-filter-splunk-online.csv`
			`max_matches = 1`

			`[phishing-filter-splunk]`
			`case_sensitive_match = 1`
			`filename = phishing-filter-splunk.csv`
			`max_matches = 1`

			`[pup-filter-splunk]`
			`case_sensitive_match = 1`
			`filename = pup-filter-splunk.csv`
			`max_matches = 1`

			`[vn-badsite-filter-splunk]`
			`case_sensitive_match = 1`
			`filename = vn-badsite-filter-splunk.csv`
			`max_matches = 1`

			`[botnet-filter-splunk]`
			`case_sensitive_match = 1`
			`filename = botnet-filter-splunk.csv`

			`[botnet_ip]`
			`case_sensitive_match = 1`
			`filename = botnet_ip.csv`

			`[opendbl_ip]`
			`case_sensitive_match = 1`
			`filename = opendbl_ip.csv`
			`min_matches = 1`
			`default_match = none`
			`match_type = CIDR(cidr_range)`