I have two indexes: one is packetbeat, and one is a threat intelligence feed. Is there any way I can compare the source/destination IPs in the packetbeat captures to the ones in the threat intelligence feed?
If anyone is interested, I'm currently using combine plus logstash csv input to bring in the threat intelligence feed.