Hi there,
I have a file something like this; a dict file probably. Let's say doms.yaml:
artput.date: Emotet
astheir.cricket: Emotet
callcar.stream: Emotet
catflys.online: Phishing
datatax.trade: Phishing
eastbus.racing: RAT
evenran.online: Ransomware
factsgo.science: APT
fallsbe.loan: cryptomining
And then I am parsing BIND logs using Logstash, with one field in particular:
%{WORD:queried_domain}
So here, how do I tag the message as soon as any domain from the doms.yaml file is found? Like:
If factsgo.science is found and parsed by Logstash, it should be tagged APT, or
if evenran.online is found, it should be tagged RANSOMWARE, and so on.
Can someone please help?
Thanks and Regards,
Blason R
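One way to do the lookup the question describes, as an added example that is not part of the original post: Logstash's translate filter reads doms.yaml as a key/value dictionary and writes the matching value into a field, which a mutate then turns into a tag. The BIND query-log line format, the log and dictionary paths, and the field names threat_category and qtype are assumptions.

```logstash
input { file { path => "/var/log/named/query.log" } }   # assumed BIND query-log path

filter {
  # Assumed BIND 9 query-log line (constructed sample):
  # client 192.0.2.10#53421 (factsgo.science): query: factsgo.science IN A + (192.0.2.1)
  # HOSTNAME is used instead of WORD because WORD (\b\w+\b) stops at the first dot,
  # so %{WORD:queried_domain} would capture only "factsgo", never "factsgo.science".
  grok {
    match => { "message" => "query: %{HOSTNAME:queried_domain} IN %{WORD:qtype}" }
  }

  # Dictionary keys are matched exactly (exact => true is the default), so normalise case first.
  mutate { lowercase => [ "queried_domain" ] }

  # Look the domain up in doms.yaml; the value (Emotet, APT, Ransomware, ...) lands in
  # threat_category. Domains not in the file get no threat_category field at all.
  # Newer releases of the filter also accept these options as source/target.
  translate {
    field            => "queried_domain"
    destination      => "threat_category"
    dictionary_path  => "/etc/logstash/doms.yaml"   # assumed location of the dictionary
    refresh_interval => 300                          # re-read the file every 5 minutes
  }

  # Turn the category into a tag as asked (uppercased, e.g. RANSOMWARE).
  # uppercase runs before add_tag inside a single mutate, so the tag is already uppercased.
  if [threat_category] {
    mutate {
      uppercase => [ "threat_category" ]
      add_tag   => [ "%{threat_category}" ]
    }
  }
}

output { stdout { codec => rubydebug } }
```

Run with `bin/logstash -f <this file>` and feed a sample line through; the event for factsgo.science should come out with `tags => ["APT"]`, and a domain absent from doms.yaml should come out untagged.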