I have a list containing millions of malicious IP addresses, and I am using ELK to get and analyze data from multiple firewalls.
I receive millions of logs per day from the firewall, and my malicious IP address list changes constantly.
I want to create a search or something else that compares the firewall logs with this malicious list of IP addresses.
If there is any match, the search should return the results, create an alarm, whatever. I just want to be aware of any match.
Can someone point me in a direction?
I have been exhausting my neurons on this task.
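An added example, not from the original poster: one ELK-native way to do this is to index the malicious list into its own index and let an Elasticsearch enrich policy plus ingest pipeline tag each firewall event at ingest time, so the "search" that alerts is just an `exists` query on the tag rather than a comparison of millions of events against millions of IPs. The block shows the request bodies for that setup and a small offline matcher with the same semantics (exact IPs plus CIDR blocks) run over constructed log lines, so the logic can be checked without a cluster. Index, policy, pipeline and field names (`threat-ips`, `threat-ip-policy`, `fw-threat-match`, `source.ip`) are assumptions; rename them to match your data.

```python
"""Added example (not from the original post): threat-list IP matching for
firewall logs, as an Elasticsearch enrich pipeline plus an offline matcher."""
import ipaddress
import json

# --- Part 1: request bodies for Elasticsearch (all names are assumptions) ---
THREAT_INDEX = "threat-ips"        # index holding the malicious list, one doc per entry
POLICY_NAME = "threat-ip-policy"
PIPELINE_NAME = "fw-threat-match"
LOG_IP_FIELD = "source.ip"         # the firewall log's source-IP field


def enrich_policy_body():
    """Body for PUT /_enrich/policy/<POLICY_NAME>.
    A 'match' policy compares exact values; a 'range' policy (recent releases)
    compares the log IP against an ip_range field, so the list may hold both
    single IPs (/32) and CIDR blocks. Re-run POST .../_execute after each
    refresh of the list: enrich indices are rebuilt, not updated in place."""
    return {
        "range": {
            "indices": THREAT_INDEX,
            "match_field": "ip_range",          # mapped as type ip_range in THREAT_INDEX
            "enrich_fields": ["list_source", "first_seen"],
        }
    }


def ingest_pipeline_body():
    """Body for PUT /_ingest/pipeline/<PIPELINE_NAME>. The enrich processor
    copies the matching list entry into 'threat'; events with no hit are left
    untouched, and ignore_missing skips events that carry no source IP."""
    return {
        "description": "Tag firewall events whose source IP is on the threat list",
        "processors": [{"enrich": {
            "policy_name": POLICY_NAME,
            "field": LOG_IP_FIELD,
            "target_field": "threat",
            "ignore_missing": True,
        }}],
    }


def alert_query_body():
    """Query for a Watcher or Kibana rule: any event that received a tag."""
    return {"query": {"exists": {"field": "threat"}}}


# --- Part 2: offline matcher with the same semantics ------------------------
# Constructed threat list (documentation-range addresses, not real indicators).
THREAT_LIST = """\
198.51.100.23
203.0.113.0/24
# comments and blank lines are ignored

2001:db8::/32
"""

# Constructed firewall events as the JSON Logstash/Beats would hand to the pipeline.
FIREWALL_LOGS = [
    '{"@timestamp":"2024-01-01T10:00:00Z","source":{"ip":"198.51.100.23"},"destination":{"ip":"10.0.0.5","port":443},"event":{"action":"allow"}}',
    '{"@timestamp":"2024-01-01T10:00:01Z","source":{"ip":"192.0.2.7"},"destination":{"ip":"10.0.0.5","port":22},"event":{"action":"deny"}}',
    '{"@timestamp":"2024-01-01T10:00:02Z","source":{"ip":"203.0.113.200"},"destination":{"ip":"10.0.0.9","port":80},"event":{"action":"allow"}}',
    '{"@timestamp":"2024-01-01T10:00:03Z","destination":{"ip":"10.0.0.9","port":53},"event":{"action":"allow"}}',
]


def load_threat_list(text):
    """Exact IPs go into a set (constant-time lookup, fine for millions);
    real CIDR blocks go into a list that is scanned, so keep that part small
    or move to the enrich index for large lists."""
    exact, networks = set(), []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            if "/" in line:
                net = ipaddress.ip_network(line, strict=False)
                (exact.add(net.network_address) if net.num_addresses == 1
                 else networks.append(net))
            else:
                exact.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # malformed entry: skip it rather than abort the whole load
    return exact, networks


def lookup(ip_str, exact, networks):
    """Return the list entry that matches ip_str, or None (also for bad input)."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    if ip in exact:
        return str(ip)
    return next((str(net) for net in networks if ip in net), None)


def match_logs(log_lines, threat_text):
    """Return the events that hit the list, each tagged with a 'threat' object
    in the same place the enrich processor would put it."""
    exact, networks = load_threat_list(threat_text)
    hits = []
    for line in log_lines:
        event = json.loads(line)
        entry = lookup(event.get("source", {}).get("ip"), exact, networks)
        if entry is not None:
            event["threat"] = {"matched": entry}
            hits.append(event)
    return hits


if __name__ == "__main__":
    print(json.dumps(enrich_policy_body(), indent=2))
    for hit in match_logs(FIREWALL_LOGS, THREAT_LIST):
        print(hit["source"]["ip"], "->", hit["threat"]["matched"])
```

The point of doing the comparison in the pipeline is that each event is checked once, at ingest, against an enrich index built from the list; a plain `terms` lookup query would be capped by `index.max_terms_count` long before millions of entries. Because the enrich index is a snapshot, schedule the policy `_execute` call right after each list refresh. If the stack includes Elastic Security, its indicator match rule type does the same job against an indicator index without a custom pipeline.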