MISP
/
misp-website
mirror of https://github.com/MISP/misp-website
2
0
Fork 0
Code Issues Releases Wiki Activity

chg: [content] image path updated

pull/111/head
Alexandre Dulaunoy 2024-10-22 16:53:54 +02:00
parent 35589e9b78
commit 8a8cb78fc9
No known key found for this signature in database
GPG Key ID: 09E2CD4944E6CBCD
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/blog/MISP_IoC_retrosearch_with_misp42splunk.md
View File

@ -18,7 +18,7 @@ The framework will run a series of scheduled searches to pull the IoC from MISP,
All results are written to a summary index.
![MISP IoC retrosearch lifecycle](https://github.com/remg427/misp42splunk/blob/master/images/misp42_ioc_retrosearch_lifecycle.png)
![MISP IoC retrosearch lifecycle](https://raw.githubusercontent.com/remg427/misp42splunk/refs/heads/master/images/misp42_ioc_retrosearch_lifecycle.png)
## Preparation
@ -65,11 +65,11 @@ field.sourcetype = string
```
You could use Splunk App for Lookup File Editing:
![Create KV store](https://github.com/remg427/misp42splunk/blob/master/images/misp42_ioc_retrosearch_kvstore_creation.png)
![Create KV store](https://raw.githubusercontent.com/remg427/misp42splunk/refs/heads/master/images/misp42_ioc_retrosearch_kvstore_creation.png)
and then create a lookup definition **HUNT_LD_201_RETRO_catch_ip** pointing to the KV store HUNT_KV_201_RETRO_catch_ip.
![Lookup definition](https://github.com/remg427/misp42splunk/blob/master/images/misp42_ioc_retrosearch_lookup_defintion.png)
![Lookup definition](https://raw.githubusercontent.com/remg427/misp42splunk/refs/heads/master/images/misp42_ioc_retrosearch_lookup_defintion.png)
#### Collecting findings in a dedicated index