CTIS TAXII Splunk App Documentation

This Splunk app provides threat intelligence sharing capabilities that integrate the Splunk Platform with the ASD's Cyber Threat Intelligence Sharing (CTIS) platform. It enables cybersecurity teams to curate IoCs (Indicators of Compromise) from ingested Splunk events and submit them as STIX v2.1 Bundles via the TAXII v2.1 protocol.

GitHub Repository

https://github.com/splunk/ctis-taxii-splunk-app

Supporting Documentation

Getting Started

  • To install this app in your Splunk environment, see: Installation
  • To configure the app with your desired TAXII server, see: Configuration
  • To use the app, including curating IoCs for threat intelligence sharing, see: Curating and Sharing CTI

Support

  • This app is not Splunk Supported. Limited support is available from the developers on a best-effort basis.
  • For questions regarding this app, please contact splunk-ctis-app@cisco.com.
  • For bug reports and feature requests, raise an issue in the GitHub repository.