I need your input or advice on my use case. I have multiple sources of malicious IP addresses and domain names, which means I get almost 1k-2k such entries daily.
Now my use case is this: if I could index those in Elasticsearch and then gather the data from my DNS servers using Packetbeat, or logs from my proxy servers, firewalls, servers and Sysmon, then
would it be possible to match against those tagged malicious entries?
And have a dashboard like "Source X contacted Destination Y, which is malicious"?
Can someone please help, as I am not sure how to achieve this or what the workflow would be.
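The matching step the post asks about, as an added illustration (not code from the original post or from Elastic): an indicator set of IPs/CIDRs and domains is matched against DNS, proxy and firewall events, and each hit is tagged with threat fields so a "Source X contacted Destination Y" view can be built from the results. The indicator values, sample events and ECS-style field names are constructed for the example; in Elasticsearch the same logic is what an enrich processor or indicator-match rule performs.

```python
"""Added example: match log events against a malicious IP/domain indicator set.
Indicators and events below are constructed; field names follow ECS."""
import ipaddress

# Constructed indicator feed: what the poster would index daily.
INDICATORS = {
    "ip": {"198.51.100.7", "203.0.113.0/24"},      # plain IPs or CIDR ranges
    "domain": {"evil.example", "c2.example.net"},   # subdomains match too
}

# Constructed sample events from DNS (Packetbeat), proxy and firewall logs.
EVENTS = [
    {"source.ip": "10.0.0.5", "dns.question.name": "beacon.evil.example"},
    {"source.ip": "10.0.0.9", "destination.ip": "203.0.113.44"},
    {"source.ip": "10.0.0.3", "url.domain": "example.org"},
    {"source.ip": "10.0.0.8", "destination.ip": "192.0.2.10"},
]

def build_networks(ip_indicators):
    """Normalise IP indicators to networks so hosts and CIDRs compare alike."""
    return [ipaddress.ip_network(i, strict=False) for i in ip_indicators]

def match_domain(name, domain_indicators):
    """Return the indicator if name equals it or is one of its subdomains."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domain_indicators:
            return candidate
    return None

def match_ip(addr, networks):
    """Return the first indicator network containing addr, else None."""
    ip = ipaddress.ip_address(addr)
    return next((str(n) for n in networks if ip in n), None)

def enrich(events, indicators=INDICATORS):
    """Return only the events that contacted an indicator, tagged with threat.* fields."""
    networks = build_networks(indicators["ip"])
    hits = []
    for ev in events:
        for field in ("dns.question.name", "url.domain"):
            if field in ev and (m := match_domain(ev[field], indicators["domain"])):
                hits.append({**ev, "threat.indicator.type": "domain-name", "threat.indicator.name": m})
                break
        else:  # no domain hit: fall back to the destination IP
            dst = ev.get("destination.ip")
            if dst and (m := match_ip(dst, networks)):
                hits.append({**ev, "threat.indicator.type": "ipv4-addr", "threat.indicator.ip": m})
    return hits
```

The tagged hits are what you would visualise: group by source.ip and the matched indicator to get the "who contacted what" table.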