fix: update botnet_ip.csv & opendbl_ip.csv every 15 minutes

README.md

@@ -18,7 +18,7 @@ Provide custom search commands to update [malware-filter](https://gitlab.com/mal
 
 Source CSVs will be downloaded via a proxy if configured in "$SPLUNK_HOME/etc/system/local/[server.conf](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Serverconf#Splunkd_http_proxy_configuration)".
 
-By default, [lookup files](./lookups/) will be updated using scheduled reports every 12 hours from 00:00 of your configured time zone on Splunk. Modify the relevant saved searches to add [optional arguments](#usage).
+By default, [lookup files](./lookups/) will be updated using scheduled reports every 12 hours, every 15 minutes for botnet_ip.csv and opendbl_ip.csv. Modify the relevant saved searches to add [optional arguments](#usage).
 
 Tested on Splunk 9.x.
 

default/savedsearches.conf

@@ -1,9 +1,9 @@
 [malware-filter Update botnet_ip.csv]
 action.lookup = 1
 action.lookup.filename = botnet_ip.csv
-cron_schedule = 0 */12 * * *
-description = Update lookup every 12 hours from 00:00
-dispatch.earliest_time = -12h
+cron_schedule = */15 * * * *
+description = Update lookup every 15 minutes from 00:00
+dispatch.earliest_time = -1h
 enableSched = 1
 schedule_window = 60
 search = | getbotnetip
@@ -21,9 +21,9 @@ search = | getbotnetfilter
 [malware-filter Update opendbl_ip.csv]
 action.lookup = 1
 action.lookup.filename = opendbl_ip.csv
-cron_schedule = 0 */12 * * *
-description = Update lookup every 12 hours from 00:00
-dispatch.earliest_time = -12h
+cron_schedule = */15 * * * *
+description = Update lookup every 15 minutes from 00:00
+dispatch.earliest_time = -1h
 enableSched = 1
 schedule_window = 60
 search = | getopendbl