Blacklisted domains

I have DNS logs, and in them I have to check whether there are any malicious domains. I have a CSV file containing malicious domains. How do I do a comparison? I used the translate field; it didn't work.

Sharing your config and why it didn't work would be useful.

translate {
  field => "domainname"
  destination => "maliciousdomain"
  dictionary_path => '/tmp/malicious.yml/'
}

In malicious.yml, the entries are like:
xyz.com xyz1.com

The translate field worked fine; I didn't add proper values in my YAML. I have one more doubt: my other YAML files contain values like this: halifax.bankingonlineregister.com,malware,RESTRICTED
I want the domain name and the category (malware). Is there any option to do that? Because I have different categories like apt, c$c, so I have to display that also in the dashboard.
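One way to get the category alongside the domain, as an added example that is not part of the original thread: convert the three-column feed into a flat `domain: category` YAML dictionary, so the translate filter writes the category into its destination field. The sample rows other than the one quoted above are constructed, and the third column is assumed to be a classification label that can be dropped.

```python
import csv
import io
import json

# Constructed sample in the three-column layout from the post:
# domain,category,classification
SAMPLE_FEED = """\
halifax.bankingonlineregister.com,malware,RESTRICTED
Bad-APT.example.,apt,RESTRICTED
# comment line
c2.example.net,c&c,RESTRICTED

halifax.bankingonlineregister.com,malware,RESTRICTED
"""

def normalize(domain):
    """Lower-case and drop whitespace and the trailing root dot so keys match DNS log values."""
    return domain.strip().lower().rstrip(".")

def feed_to_dictionary(feed_text):
    """Return {domain: category} from 'domain,category,...' rows."""
    mapping = {}
    for row in csv.reader(io.StringIO(feed_text)):
        if len(row) < 2 or row[0].lstrip().startswith("#"):
            continue  # blank, comment or malformed line
        domain, category = normalize(row[0]), row[1].strip()
        if domain and category:
            mapping.setdefault(domain, category)  # first entry wins on duplicates
    return mapping

def to_yaml(mapping):
    """Render a flat YAML mapping; JSON string quoting is valid YAML double-quoted syntax."""
    return "".join(f"{json.dumps(k)}: {json.dumps(v)}\n" for k, v in sorted(mapping.items()))

def lookup(mapping, domainname):
    """Mirror an exact-match dictionary lookup on a normalized domain name."""
    return mapping.get(normalize(domainname))

if __name__ == "__main__":
    print(to_yaml(feed_to_dictionary(SAMPLE_FEED)), end="")
```

Save the output to the file named in `dictionary_path`. The lookup is an exact string match, so the `domainname` field should be lower-cased before the translate filter runs.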
