docs: workaround for splunk 8.x

Ming Di Leom 2023-02-04 10:02:58 +00:00
parent 9982d3ba68
commit 5c9eb9523b
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed file with 14 additions and 0 deletions


@ -15,6 +15,8 @@
Provide custom search commands to update [malware-filter](https://gitlab.com/malware-filter) lookups. Each command downloads from a source CSV and emit rows as events which can then be piped to a lookup file or used as a subsearch. Each command is exported globally and can be used in any app. This add-on currently does not have any UI.
Compatible with Splunk 9.x. Splunk 8.x requires [additional configuration](#splunk-8x) to avoid issue.
## Installation
Releases are available at https://gitlab.com/malware-filter/splunk-malware-filter/-/releases
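Review bot: "to avoid issue" on the new compatibility line is too vague for someone deciding whether the extra step applies to them; name the symptom here, e.g. `Splunk 8.x requires [additional configuration](#splunk-8x), otherwise scheduled searches (alerts/reports) may not run.` The `#splunk-8x` anchor matches the `## Splunk 8.x` heading added further down, so the link itself is fine.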
@ -148,6 +150,18 @@ Recommend to update the lookup file "opendbl_ip.csv" every 15 minutes (cron `*/1
Source: https://opendbl.net/
## Splunk 8.x
Splunk scheduler may not run scheduled searches (alert/report) without this workaround.
Add the following config to `$SPLUNK_HOME/etc/apps/malware_filter/local/commands.conf`.
```conf
[default]
chunked = false
generating = true
```
## Disable individual commands
Settings -> All configurations -> filter by "malware_filter" app
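Review bot: the `[default]` stanza in `local/commands.conf` overrides every command the app ships, not just one, and the section gives neither the reason the workaround helps nor the steps to apply it. Suggest one sentence explaining that `chunked = false` switches the commands from the chunked (v2) custom search command protocol to the legacy one, under which a command must declare `generating = true` itself instead of reporting it through the chunked getinfo exchange, and that the `[default]` stanza is used because all commands in the app are generating commands. Then add that Splunk must be restarted (or the configuration reloaded) for `commands.conf` changes to take effect, with a verification step such as `splunk btool commands list --app=malware_filter --debug` to confirm the `local/` values override the shipped ones. A note that the override can be removed after upgrading to 9.x would close the loop with the "Compatible with Splunk 9.x" line above.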