Does the ThreatConnect app require the Splunk Enterprise instance to have a Enterprise Security license in order to work?
No, the ThreatConnect App for Splunk does not require either Splunk Enterprise Security nor a license for Splunk Enterprise Security.
No, the ThreatConnect App for Splunk does not require either Splunk Enterprise Security nor a license for Splunk Enterprise Security.
So when the Threatconnect app is used without the ES license, it will still allow IoCs to be matched against logs and alerts brought up?