Intezer has developed novel technology: the only solution to apply biological immune system concepts to cyber security. Through its 'DNA mapping' approach to code, Intezer provides enterprises with unparalleled threat detection that accelerates incident response and eliminates false positives, while protecting against fileless malware, APTs, code tampering and vulnerable software.
This Add-On provides a method to use Splunk Adaptive Response to automate lookup of a SHA256 hash against the Intezer
This Add-On requires access to the Intezer API, located here, and the Splunk Common Information Model App, located here. If you are a community user, please contact support@intezer.com to get access to an API key.
- Either clone this repository (`git clone https://github.com/secops4thewin/TA-intezer.git`) or download the .spl file located here.
- Install the add-on to the indexer and search head in your Splunk environment
- On the Search Head, open the add-on by going to http://yoursplunkserver:8000/en-GB/app/TA-intezer/configuration
- Enable a proxy if it is required
- Click Add-on Settings and enter the API Key and the Index.
- Click Save
- If you have proxy rules, please allow access to https://analyze.intezer.com/api from your Search Head
- Create a search that produces a result containing a SHA256 hash, and pass that value to the adaptive response action using a Splunk result token such as `$result.sha256$`
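The last step is where most adaptive response actions go wrong in practice: Splunk expands `$result.sha256$` from the triggering result row, and if that field is missing or holds something other than a SHA256 (an MD5, a filename, an empty string), the token still expands and the action fires with a bad value. The following is an added example, not code from the TA-intezer add-on, showing the shape of the JSON payload Splunk hands an alert action script on stdin with `--execute` (a `configuration` block with the add-on settings and a `result` block with the row's fields) and how to validate the token before building the lookup. The API base URL, the `/files/<sha256>` path and the bearer-token header are placeholders assumed for illustration, not the documented Intezer endpoint; the sample payload and key are constructed.

```python
"""Added example: validating $result.sha256$ in a Splunk adaptive response
script before looking it up against the Intezer API. Not part of TA-intezer.

Assumptions (not stated in the README): the endpoint path '/files/<sha256>'
and the 'Authorization: Bearer <key>' header are illustrative placeholders.
"""
import json
import re
import sys

# A SHA256 digest is exactly 64 hex characters. Anything else (empty token,
# MD5/SHA1, free text) must be rejected rather than sent to the API.
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def normalize_sha256(value):
    """Return the lowercase hex digest, or None if the token value is not a
    well-formed SHA256 hash."""
    if value is None:
        return None
    value = value.strip()
    if not SHA256_RE.match(value):
        return None
    return value.lower()


def build_lookup_request(api_base, api_key, sha256):
    """Build (but do not send) the request the action would issue.
    The endpoint path and header layout are assumptions for this example."""
    digest = normalize_sha256(sha256)
    if digest is None:
        raise ValueError("result field is not a SHA256 hash: %r" % (sha256,))
    return {
        "method": "GET",
        "url": "%s/files/%s" % (api_base.rstrip("/"), digest),
        "headers": {"Authorization": "Bearer " + api_key},
    }


def handle_payload(payload):
    """Process the JSON Splunk passes to an alert action with --execute:
    the add-on configuration (API key, index) plus the triggering result row."""
    conf = payload.get("configuration", {})
    result = payload.get("result", {})
    return build_lookup_request(
        conf.get("api_base", "https://analyze.intezer.com/api"),
        conf["api_key"],
        result.get("sha256", ""),
    )


# Constructed sample payload, shaped like Splunk's alert action input.
# The key is a placeholder; the digest is SHA256 of the empty string, uppercased
# to show that the action normalizes case before use.
SAMPLE_PAYLOAD = {
    "configuration": {"api_key": "EXAMPLE-KEY-PLACEHOLDER", "index": "main"},
    "result": {
        "sha256": "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855"
    },
}

if __name__ == "__main__":
    # Under Splunk: read the real payload from stdin. Stand-alone: use the sample.
    if len(sys.argv) > 1 and sys.argv[1] == "--execute":
        payload = json.load(sys.stdin)
    else:
        payload = SAMPLE_PAYLOAD
    print(json.dumps(handle_payload(payload), indent=2))
```

Run it with no arguments to see the request built from the sample payload; under Splunk the script would be invoked with `--execute` and read the real payload from stdin. Rejecting malformed tokens up front keeps a search that occasionally emits an empty or non-SHA256 field from producing a stream of failed API calls and spurious indexed events.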
0.0.1 Initial release with API functionality