I see the following stanza in my SplunkEnterpriseSecurity app's inputs.conf file. (added by splunk professional)
[threat_intelligence_manager://]
...
What is that and where is it coming from? I can't find any details on any this input in the inputsconf documentation. https://docs.splunk.com/Documentation/Splunk/6.5.3/Admin/Inputsconf. Where would I find stuffs to read further about it?
That stanza is managed by the threat_intelligence_manager.py
modular input. You can read more on the Threat Intelligence framework in Splunk ES here: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBC
That stanza is managed by the threat_intelligence_manager.py
modular input. You can read more on the Threat Intelligence framework in Splunk ES here: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBC