Automatic IP reputation check

Hi All,

Is there any way to do an IP reputation check automatically with Logstash or Elasticsearch, without manual effort for checking the reputation of each IP?

It's not released yet, but Filebeat 7.12 will tentatively have a beta module for Threat Intel which might help with what you're looking for.


Hi Ben,

Thanks for your reply.

I understand from your response that a built-in feature for IP reputation checks is not available in the current EL version. But could you please help me with an alternative way, like integration of Talos, VirusTotal, etc. with Elasticsearch?

Unfortunately, I'm not familiar with these sources, so I can't provide much help. However, if they have accessible APIs you could try using Logstash's http filter to enrich that data through a Logstash pipeline.

On a related note, this is very speculative (and my own observation from looking at some GitHub issues), but based on where 7.12 is currently at in the cycle, it might be only two or three weeks from release. So if you can wait a bit longer it might be available soon-ish.
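The http filter approach suggested above, sketched as a pipeline fragment. This is an added example, not part of the original thread or any vendor's documented integration. The endpoint URL, the `REPUTATION_API_KEY` variable, the `[source][ip]` input field, the response shape and the `[threat][enrichment]` output fields are all assumptions to adapt to the provider you use.

```logstash
filter {
  # Assumption: events carry the address in [source][ip] (ECS naming).
  if [source][ip] {
    # Tag private, loopback and link-local addresses so they are never
    # sent to an external service.
    cidr {
      address => [ "%{[source][ip]}" ]
      network => [ "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                   "127.0.0.0/8", "169.254.0.0/16" ]
      add_tag => [ "internal_ip" ]
    }

    if "internal_ip" not in [tags] {
      http {
        # Placeholder endpoint; replace with your provider's lookup URL.
        url     => "https://reputation.example.invalid/v1/ip/%{[source][ip]}"
        verb    => "GET"
        # Resolved from the Logstash keystore or environment, so the key
        # is not stored in the pipeline file.
        headers => { "Authorization" => "Bearer ${REPUTATION_API_KEY}" }
        # The response body lands here; its shape depends on the provider.
        target_body     => "[@metadata][reputation]"
        target_headers  => "[@metadata][reputation_headers]"
        request_timeout => 5
        # Failed lookups are tagged so they can be counted or retried.
        tag_on_request_failure => [ "_reputation_lookup_failed" ]
      }

      # Assumption: the provider returns JSON like
      # {"score": <number>, "category": "<text>"}.
      if [@metadata][reputation][score] {
        mutate {
          # Hypothetical output field names; pick ones that fit your mapping.
          add_field => {
            "[threat][enrichment][score]"    => "%{[@metadata][reputation][score]}"
            "[threat][enrichment][category]" => "%{[@metadata][reputation][category]}"
          }
        }
      }
    }
  }
}
```

Each event that reaches the http filter triggers one outbound request, so the provider's rate limits and lookup latency apply directly to pipeline throughput.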

