CTIS Integration - ES TIF Troubleshooting

Basic troubleshooting of collection downloads and parsing are available from the Threat Intelligence Audit dashboards in Enterprise Security. More detailed debug data is available in the _internal index. You can use this example search for viewing audit and debug logs for ES TIF: 

index=_internal source="/opt/splunk/var/log/splunk/threat*" 

It is possible to also enable a higher level of debug output for individual collections as needed in the collection configuration by following the steps in the previous section.