Properly onboarding threat indicators is critical to powering Splunk Enterprise Security for SUNBURST activity detection. This article provides tips to successfully:
- set up threat intelligence downloads
- check the creation of threat intelligence artifacts
- ensure proper parsing of downloaded data
“Onboarding Threat Indicators into Splunk Enterprise Security: SolarWinds Continued” on splunk.com: