I have DNS logs, and I have to check whether there are any malicious domains in them. I have a CSV file containing malicious domains. How do I do a comparison? I used the translate field; it didn't work.
Sharing your config and why it didn't work would be useful.
translate {
  field => "domainname"
  destination => "maliciousdomain"
  dictionary_path => '/tmp/malicious.yml/'
}
In malicious.yml, entries are like
xyz.com xyz1.com
mark
The translate field worked fine; I didn't add proper values in my YAML. I have one more doubt: my other YAML files contain values like this: halifax.bankingonlineregister.com,malware,RESTRICTED
I want the domainname and the category malware. Is there any option to do that? Because I have different categories like apt, c$c, so I have to display that also in the dashboard.
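Added example, not part of the thread: one way to turn a three-column feed like the line quoted above into a key/value dictionary file for the translate filter, so the destination field receives the category instead of a fixed marker. The column order (domain, category, classification), the sample rows other than the quoted one, and the function names are assumptions.

```python
import csv
import io
import json

# Constructed sample feed; only the first row's layout comes from the post.
SAMPLE_FEED = """\
halifax.bankingonlineregister.com,malware,RESTRICTED
Bad-APT.example,apt,RESTRICTED
beacon.example.,c$c,RESTRICTED
# comment line
halifax.bankingonlineregister.com,malware,RESTRICTED
short-line-without-category
"""


def normalize(domain):
    """Lower-case and drop a trailing root dot so lookups are consistent."""
    return domain.strip().lower().rstrip(".")


def feed_to_dictionary(feed_text):
    """Return ({domain: category}, [line numbers skipped as malformed])."""
    mapping, skipped = {}, []
    for lineno, row in enumerate(csv.reader(io.StringIO(feed_text)), 1):
        if not row or row[0].lstrip().startswith("#"):
            continue  # blank line or comment
        if len(row) < 2 or not row[0].strip() or not row[1].strip():
            skipped.append(lineno)  # no category column: report, do not guess
            continue
        # First occurrence wins; later duplicates are ignored.
        mapping.setdefault(normalize(row[0]), row[1].strip())
    return mapping, skipped


def to_yaml(mapping):
    """Emit one '"domain": "category"' line per entry.

    JSON strings are valid YAML double-quoted scalars, so json.dumps
    handles quoting of characters such as '$' or ':' safely.
    """
    return "".join(
        f"{json.dumps(d)}: {json.dumps(c)}\n" for d, c in sorted(mapping.items())
    )


if __name__ == "__main__":
    entries, bad_lines = feed_to_dictionary(SAMPLE_FEED)
    print(to_yaml(entries), end="")
    print("skipped lines:", bad_lines)
```

The output is what dictionary_path would point to; the domainname field in the events needs the same lower-casing and trailing-dot handling for the keys to match.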