This year a colleague of mine, @trakzon, and I gave a talk at MIRCon on integrating MIR, OpenIOC and other network data sources, such as Bro and Palo Alto Networks firewall logs, with Splunk. We never got around to publishing the code until now. Here is the code to automate searching for OpenIOC-format IOCs through Splunk's API:
As always we welcome feedback and features.
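To show the shape of the automation the post describes, here is an added example (written for this page, not the authors' released script) that parses an OpenIOC 1.0 document, translates its Indicator/IndicatorItem tree into an SPL search, and builds the POST for Splunk's `services/search/jobs` endpoint without sending it. The mapping from OpenIOC Context `search` terms to Splunk field names (`FIELD_MAP`) and the sample IOC are constructed assumptions; adjust the mapping to your own sourcetypes.

```python
"""Translate an OpenIOC 1.0 document into a Splunk search (added example, not the authors' code)."""
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Assumed mapping from OpenIOC Context 'search' terms to Splunk field names.
# Terms not listed here are skipped rather than guessed.
FIELD_MAP = {
    "FileItem/Md5sum": "file_hash",
    "FileItem/FileName": "file_name",
    "Network/DNS": "query",
    "PortItem/remoteIP": "dest_ip",
    "PortItem/remotePort": "dest_port",
}


def spl_escape(value):
    """Escape backslashes and double quotes so IOC content cannot break out of an SPL string literal."""
    return value.replace("\\", "\\\\").replace('"', '\\"')


def item_to_spl(item):
    """Turn one IndicatorItem into a field=value clause; None if its Context is unmapped or empty."""
    ctx = item.find("ioc:Context", NS)
    content = item.find("ioc:Content", NS)
    if ctx is None or content is None or not content.text:
        return None
    field = FIELD_MAP.get(ctx.get("search"))
    if field is None:
        return None
    value = spl_escape(content.text.strip())
    if item.get("condition", "is") == "contains":
        return f'{field}="*{value}*"'  # 'contains' becomes a wildcard match
    return f'{field}="{value}"'


def indicator_to_spl(ind):
    """Recursively join IndicatorItems and nested Indicators with this node's AND/OR operator."""
    op = ind.get("operator", "OR").upper()
    parts = []
    for child in ind:
        tag = child.tag.split("}")[-1]  # strip the namespace
        clause = item_to_spl(child) if tag == "IndicatorItem" else (
            indicator_to_spl(child) if tag == "Indicator" else None)
        if clause:
            parts.append(clause)
    if not parts:
        return None
    return parts[0] if len(parts) == 1 else "(" + f" {op} ".join(parts) + ")"


def openioc_to_spl(xml_text, index="*"):
    """Parse an OpenIOC document and return a complete SPL search string."""
    root = ET.fromstring(xml_text)
    definition = root.find("ioc:definition", NS)
    top = definition.find("ioc:Indicator", NS) if definition is not None else None
    clause = indicator_to_spl(top) if top is not None else None
    if clause is None:
        raise ValueError("IOC contains no indicators that map to Splunk fields")
    return f"search index={index} {clause}"


def search_job_request(base_url, spl, earliest="-7d"):
    """Build (url, form body) for POST /services/search/jobs; the caller sends it with an auth header."""
    url = base_url.rstrip("/") + "/services/search/jobs"
    body = urlencode({"search": spl, "earliest_time": earliest, "output_mode": "json"})
    return url, body


# Constructed sample IOC (md5 of the empty string, a reserved .example name, a documentation IP).
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="constructed-example-0001">
  <short_description>Constructed sample IOC</short_description>
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
      </IndicatorItem>
      <IndicatorItem condition="contains">
        <Context document="Network" search="Network/DNS" type="mir"/>
        <Content type="string">bad-domain.example</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="is">
          <Context document="PortItem" search="PortItem/remoteIP" type="mir"/>
          <Content type="IP">192.0.2.10</Content>
        </IndicatorItem>
        <IndicatorItem condition="is">
          <Context document="PortItem" search="PortItem/remotePort" type="mir"/>
          <Content type="int">4444</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""

if __name__ == "__main__":
    spl = openioc_to_spl(SAMPLE_IOC)
    print(spl)
    print(search_job_request("https://splunk.example:8089", spl))
```

The nested AND block is kept as a parenthesised group so an IOC that requires both a remote IP and a port does not get flattened into a loose OR; unmapped Context terms are dropped rather than guessed, so a silently empty search raises instead of matching everything.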