I am using the Java SDK and would like to be able to add watch lists to Splunk, i.e. publish IOCs as a lookup that I can then use in queries.
Note I have already implemented the APIs to allow me to connect/auth and execute queries. I take these results and analyze the results. This leaves me with a list of known threats. I then want to automatically publish these back to Splunk as a Black Watch List.
Does anyone know how to do this?