I was trying to set up a use case to do the following:
1.) Download a txt file containing known malicious IPs.
2.) Compare existing netflow traffic logs to see if there is a match against any of the malicious IPs.
3.) Send an alert if a connection is found with these malicious IPs.
Is this possible to do?
Thank you for any assistance.
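As an added example that is not from this thread or from Elastic, the matching step of the workflow above in Python: a constructed indicator feed (one IP or CIDR per line, with comments and a junk entry) is parsed, constructed netflow-style records are checked on both source and destination, and each hit is returned as an alert tuple. The feed contents, the record layout and all addresses are assumptions made up for the example.

```python
import ipaddress

# Constructed sample feed in the common "one indicator per line" text format.
# '#' starts a comment; "not-an-ip" is there to show a malformed line is skipped.
BLOCKLIST_TEXT = """# hypothetical feed (constructed values)
203.0.113.7
198.51.100.0/24
not-an-ip
"""

# Constructed netflow-style records: timestamp,src_ip,src_port,dst_ip,dst_port,bytes
NETFLOW_LINES = [
    "2024-01-01T10:00:00Z,10.0.0.5,51515,203.0.113.7,443,1200",
    "2024-01-01T10:00:01Z,10.0.0.6,51516,192.0.2.9,80,800",
    "2024-01-01T10:00:02Z,198.51.100.42,8080,10.0.0.7,22,64",
]


def load_blocklist(text):
    """Parse indicators into ip_network objects; comments and garbage are dropped."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False accepts host bits in a CIDR entry; a bare IP becomes a /32
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # one malformed entry should not abort the whole feed
    return nets


def is_listed(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def match_netflow(lines, nets):
    """Return (timestamp, matched_ip, direction) for every flow touching a listed IP."""
    alerts = []
    for line in lines:
        ts, src, _sport, dst, _dport, _nbytes = line.split(",")
        if is_listed(src, nets):
            alerts.append((ts, src, "inbound"))   # listed IP initiated the flow
        if is_listed(dst, nets):
            alerts.append((ts, dst, "outbound"))  # internal host reached a listed IP
    return alerts


def alerts_for_sample():
    return match_netflow(NETFLOW_LINES, load_blocklist(BLOCKLIST_TEXT))
```

`alerts_for_sample()` is the piece you would wire to whatever alerting channel you use; the same matching works on flows pulled from an index instead of the embedded list.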
Is this the same as Use Case: Upload to rare external IP, or are these two different use cases?
That link is for creating a use case that involves this step; this thread is only for that one step of injecting a list into Elastic. This step can be applied in many use cases.