ts_webhook_alert

Splunk alert action app for exporting indicators from Splunk to Anomali ThreatStream.

Installation

git clone https://github.com/vavarachen/ts_webhook_alert.git

tar -czf ts_webhook_alert.tar.gz ts_webhook_alert

Upload the tar.gz file to the Splunk Search Head (Apps > Manage Apps > Install app from file).

Configuration

Find the app ("Anomali Threatstream Indicator Export") and click "Set up".

Example

Create a Splunk search that outputs indicators. Fields such as 'tag' and 'itype' are optional.


Create an alert from the search.


Configure ts_webhook as 'Action'.
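As an added illustration (not part of this repository), here is the shape of a search the steps above call for: it turns repeatedly blocked outbound destinations into indicator rows, drops private address space so internal hosts are never exported, and sets the optional 'itype' and 'tag' fields the README mentions. The index name and the 'action', 'direction' and 'dest_ip' source fields are assumptions about your firewall data, the indicator column name 'value' is an assumption about what the alert action expects, and "mal_ip" is one of ThreatStream's standard indicator types.

```spl
index=firewall action=blocked direction=outbound earliest=-24h
| stats count AS hits, min(_time) AS first_seen, max(_time) AS last_seen BY dest_ip
| where hits >= 5
| where NOT cidrmatch("10.0.0.0/8", dest_ip)
    AND NOT cidrmatch("172.16.0.0/12", dest_ip)
    AND NOT cidrmatch("192.168.0.0/16", dest_ip)
| rename dest_ip AS value
| eval itype="mal_ip", tag="fw-blocked-outbound"
| table value itype tag hits first_seen last_seen
```

Save this search as the alert, and every scheduled run hands the resulting rows to the ts_webhook action; tune the 'hits' threshold and the allowlisted ranges to your environment before enabling it, since anything the search returns becomes an indicator in ThreatStream.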
