CTIS Integration - ES TIF Troubleshooting
Basic troubleshooting of collection downloads and parsing is available from the Threat Intelligence Audit dashboards in Enterprise Security. More detailed debug data is available in the _internal index. The following example search shows the audit and debug logs for ES TIF:
index=_internal source="/opt/splunk/var/log/splunk/threat*"
A higher level of debug output can also be enabled for individual collections as needed. This is set in the collection configuration, following the steps in the previous section.


