All notable changes to the DCSO Threat Intelligence Engine (TIE) Add-On for Splunk will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Support for new TI-Engine
- Support for Splunk Enterprise v8, which means dropping support for Python v2.7. We will not support Python 2 any longer.
- Possibility to specify ranges when configuring the add-on. For example, severity can be specified as `1-` to include all but zero, or `2-4` to include only 2, 3, and 4, or `-5` to include all 5 or lower. Specifying just a number will work as before.
- Logging is now done in a separate file as JSON. This makes it easier to audit the Add-On in Splunk itself (using an index).
- We include a `setup.py` which can be used to create a Splunk distribution using `setup.py splunkdist`. The resulting TAR or ZIP files can then be used to install through Splunk's web interface.
- The configuration of the Add-On within Splunk's web interface has been reorganized a bit and more help has been added.
- Published Splunk technical add-on in version 1.0.0 at Github.com
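The severity range syntax described in the entries above (`1-`, `2-4`, `-5`, or a single number) can be pinned down with a small parser. The following is an added example and not code from the DCSO TIE Add-On itself; it assumes a severity scale of 0 to 5 (the changelog only implies that `1-` excludes zero and that `-5` reaches five), and it rejects malformed or reversed specifications instead of silently widening or emptying the match, so a typo in the configuration shows up as an error rather than as missing or flooded indicators.

```python
"""Parser for the severity range syntax from the changelog.

Added illustration, not the add-on's own code. Assumptions: the
severity scale runs from 0 to 5, and whitespace around a spec is ignored.
"""

SEVERITY_MIN = 0  # assumed lower bound of the scale
SEVERITY_MAX = 5  # assumed upper bound of the scale


def _to_int(part):
    """Parse one side of a range; only non-negative integers are accepted."""
    part = part.strip()
    if not part.isdigit():
        raise ValueError("not a non-negative integer: %r" % part)
    return int(part)


def parse_range(spec, lo=SEVERITY_MIN, hi=SEVERITY_MAX):
    """Return inclusive (low, high) bounds for a range specification.

    Accepted forms:
      "3"    -> (3, 3)     single value, works as before
      "1-"   -> (1, hi)    open upper end: everything but zero
      "2-4"  -> (2, 4)     closed range
      "-5"   -> (lo, 5)    open lower end: five or lower
    Anything else (empty, two dashes, reversed or out-of-scale bounds)
    raises ValueError so the misconfiguration fails loudly.
    """
    text = str(spec).strip()
    if not text:
        raise ValueError("empty range specification")
    if "-" not in text:
        low = high = _to_int(text)
    else:
        left, _sep, right = text.partition("-")
        if "-" in right:
            raise ValueError("more than one '-' in %r" % spec)
        low = _to_int(left) if left.strip() else lo
        high = _to_int(right) if right.strip() else hi
    if low > high:
        raise ValueError("lower bound %d exceeds upper bound %d" % (low, high))
    if low < lo or high > hi:
        raise ValueError("%r is outside the %d-%d scale" % (spec, lo, hi))
    return low, high


def matches(spec, severity, lo=SEVERITY_MIN, hi=SEVERITY_MAX):
    """True if a numeric severity falls inside the configured range."""
    low, high = parse_range(spec, lo, hi)
    return low <= severity <= high


def filter_indicators(spec, indicators):
    """Keep only indicators whose 'severity' field lies within the range."""
    return [i for i in indicators if matches(spec, i["severity"])]


if __name__ == "__main__":
    sample = [  # constructed sample records, not real TIE data
        {"value": "198.51.100.7", "severity": 0},
        {"value": "203.0.113.9", "severity": 2},
        {"value": "example.invalid", "severity": 4},
        {"value": "192.0.2.1", "severity": 5},
    ]
    for spec in ("1-", "2-4", "-5", "3"):
        kept = [i["value"] for i in filter_indicators(spec, sample)]
        print("%-4s -> %s" % (spec, kept))
```

The bounds are parameters rather than hard-coded so the same parser can be reused if the scale differs; the check that the parsed bounds lie within the scale is what turns a typo such as `-9` into a configuration error rather than a filter that quietly accepts everything.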