[malware-filter Update botnet_ip.csv] action.lookup = 1 action.lookup.filename = botnet_ip.csv cron_schedule = */15 * * * * description = Update lookup every 15 minutes from 00:00 # https://docs.splunk.com/Documentation/Splunk/9.1.1/SearchReference/Collect#Events_without_timestamps dispatch.earliest_time = 0 enableSched = 0 schedule_window = 5 search = | getbotnetip [malware-filter Update botnet-filter-splunk.csv] action.lookup = 1 action.lookup.filename = botnet-filter-splunk.csv cron_schedule = 0 */12 * * * description = Update lookup every 12 hours from 00:00 dispatch.earliest_time = 0 enableSched = 0 schedule_window = 60 search = | getbotnetfilter [malware-filter Update opendbl_ip.csv] action.lookup = 1 action.lookup.filename = opendbl_ip.csv cron_schedule = */15 * * * * description = Update lookup every 15 minutes from 00:00 dispatch.earliest_time = 0 enableSched = 0 schedule_window = 5 search = | getopendbl [malware-filter Update phishing-filter-splunk.csv] action.lookup = 1 action.lookup.filename = phishing-filter-splunk.csv cron_schedule = 0 */12 * * * description = Update lookup every 12 hours from 00:00 dispatch.earliest_time = 0 enableSched = 0 schedule_window = 60 search = | getphishingfilter [malware-filter Update pup-filter-splunk.csv] action.lookup = 1 action.lookup.filename = pup-filter-splunk.csv cron_schedule = 0 */12 * * * description = Update lookup every 12 hours from 00:00 dispatch.earliest_time = 0 enableSched = 0 schedule_window = 60 search = | getpupfilter [malware-filter Update urlhaus-filter-splunk-online.csv] action.lookup = 1 action.lookup.filename = urlhaus-filter-splunk-online.csv cron_schedule = 0 */12 * * * description = Update lookup every 12 hours from 00:00 dispatch.earliest_time = 0 enableSched = 0 schedule_window = 60 search = | geturlhausfilter [malware-filter Update vn-badsite-filter-splunk.csv] action.lookup = 1 action.lookup.filename = vn-badsite-filter-splunk.csv cron_schedule = 0 */12 * * * description = Update lookup every 12 hours from 00:00 dispatch.earliest_time = 0 enableSched = 0 schedule_window = 60 search = | getvnbadsitefilter