docs: tested with splunk 9

Ming Di Leom 2023-02-06 06:45:18 +00:00
parent fe8476e2c1
commit 736bb44cc6
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
1 changed files with 1 additions and 13 deletions

@ -15,7 +15,7 @@
Provide custom search commands to update [malware-filter](https://gitlab.com/malware-filter) lookups. Each command downloads from a source CSV and emit rows as events which can then be piped to a lookup file or used as a subsearch. Each command is exported globally and can be used in any app. This add-on currently does not have any UI.
Compatible with Splunk 9.x. Splunk 8.x requires [additional configuration](#splunk-8x) to avoid issue.
Tested with Splunk 9.x.
## Installation
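
Review bot: The replacement line "Tested with Splunk 9.x." leaves the status of Splunk 8.x unstated, whereas the line it replaces said 8.x works with additional configuration. A reader on 8.x cannot tell whether the add-on is now unsupported there or simply untested. Suggest making it explicit, for example "Tested with Splunk 9.x. Splunk 8.x is untested." (or "not supported", whichever is intended), and giving the reason for dropping 8.x in the commit message, which currently says only "docs: tested with splunk 9".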
@ -150,18 +150,6 @@ Recommend to update the lookup file "opendbl_ip.csv" every 15 minutes (cron `*/1
Source: https://opendbl.net/
## Splunk 8.x
Splunk scheduler may not run scheduled searches (alert/report) without this workaround.
Add the following config to `$SPLUNK_HOME/etc/apps/malware_filter/local/commands.conf`.
```conf
[default]
chunked = false
generating = true
```
## Disable individual commands
Settings -> All configurations -> filter by "malware_filter" app