When creating your API Client in Cisco SecureX threat response, it must have the following scopes:
- Enrich
- Inspect
To get a verdict from Cisco SecureX threat response:
`... | table <field> | threatresponse verdict=<field>`
To get targets from Cisco SecureX threat response:
`... | table <field> | threatresponse targets=<field>`
To get verdicts for observables taken from multiple fields, join the fields into one space-separated field first:
`... | eval <new_field_name>=<first_field>." ".<second_field> | table <new_field_name> | threatresponse verdict=<new_field_name>`
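The space-joined field works because the submitted text is parsed into typed observables (the Inspect scope above) before verdicts are looked up. The following is an added example, not code from the app or from Cisco: an assumed local approximation of that parsing step, useful for previewing which observables a given row would actually submit. The regexes and the `observables_from_fields` helper are constructed here; the type names (ip, domain, url, sha256, sha1, md5, email) are the standard threat response observable types.

```python
import re

# Constructed patterns for the observable types threat response accepts.
# Order matters: URLs and e-mails are consumed first so the domains inside
# them are not reported a second time, and hashes before IPs/domains.
_PATTERNS = [
    ("url",    re.compile(r"\bhttps?://[^\s\"'<>]+")),
    ("email",  re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("sha256", re.compile(r"\b[0-9a-fA-F]{64}\b")),
    ("sha1",   re.compile(r"\b[0-9a-fA-F]{40}\b")),
    ("md5",    re.compile(r"\b[0-9a-fA-F]{32}\b")),
    ("ip",     re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("domain", re.compile(r"\b(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,}\b")),
]


def _valid_ipv4(value):
    """Reject dotted quads with an octet above 255 (they are not IPs)."""
    return all(0 <= int(octet) <= 255 for octet in value.split("."))


def extract_observables(text):
    """Return de-duplicated {"type": ..., "value": ...} dicts from free text,
    the shape threat response takes as its observables list."""
    found, seen = [], set()
    remaining = text
    for obs_type, pattern in _PATTERNS:
        def _record(match, obs_type=obs_type):
            value = match.group(0)
            if obs_type == "ip" and not _valid_ipv4(value):
                return value  # leave it in place; it is not an observable
            key = (obs_type, value.lower())
            if key not in seen:
                seen.add(key)
                found.append({"type": obs_type, "value": value})
            return " " * len(value)  # blank the span so later patterns skip it
        remaining = pattern.sub(_record, remaining)
    return found


def observables_from_fields(*field_values):
    """Mirror the SPL eval above: join field values with a space, then parse."""
    return extract_observables(" ".join(str(v) for v in field_values))


if __name__ == "__main__":
    # Constructed sample row: the two fields a search might join with eval.
    for obs in observables_from_fields("8.8.8.8", "example.com"):
        print(obs["type"], obs["value"])
```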
- Updated the requests package to the latest version
- Updated the Python SDK version to 1.7.0
- More improvements for compatibility with Splunk Cloud
- Further improvements to compatibility with Splunk Cloud
- Added support for Splunk Cloud
- Updated to the latest Splunk SDK
- Rebranded Cisco Threat Response to Cisco SecureX threat response
- Added modules for Python3 and the ability to use Python2 or Python3 depending on the Splunk version and settings
- Fixed a problem with selecting nonexistent values
- Added support for new types of observables
- Fixed a KeyError on 'end_time'