Injecting malicious IP list to compare against active connections and alert if found - Use case


(Daniel) #1

Hi there,

I was trying to set up a use case to do the following:

1.) Download a txt file containing known malicious IPs.
2.) Compare existing netflow traffic logs to see if there is a match against any of the malicious IPs.
3.) Send an alert if a connection is found with these malicious IPs.

Is this possible to do?

Thank you for any assistance.
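The three steps above, as an added stand-alone example (not code from this thread or from Elastic): load a blocklist text file, then check every netflow record's source and destination address against it and emit an alert per hit. In a real deployment the list would be indexed and matched inside Elastic; this block only shows the matching logic, with a constructed feed and constructed netflow lines embedded inline. The feed and record formats, and the function names, are assumptions made for the example. Real feeds contain comments, blank lines and CIDR ranges as well as bare addresses, so the loader tolerates those and skips unparsable entries instead of failing the whole load.

```python
import ipaddress

# Constructed sample blocklist (assumption: not a real feed). Mixes bare IPs,
# a CIDR range, an IPv6 address, comments, blank lines and one junk entry.
SAMPLE_FEED = """# constructed malicious IP list
203.0.113.5
198.51.100.0/24
not-an-ip
2001:db8::bad   # inline comment

"""

# Constructed sample netflow records, one per line: "src dst proto dst_port bytes".
SAMPLE_NETFLOW = """10.0.0.7 203.0.113.5 tcp 443 1200
10.0.0.8 93.184.216.34 tcp 80 400
198.51.100.77 10.0.0.9 udp 53 90
10.0.0.7 2001:db8::bad tcp 22 300
"""


def parse_feed(text):
    """Return (set of single addresses, list of networks) from a blocklist file.

    Comments (#), blank lines and entries that do not parse are skipped so
    one bad line in a downloaded feed does not break the whole use case.
    """
    singles = set()
    networks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            if "/" in line:
                networks.append(ipaddress.ip_network(line, strict=False))
            else:
                singles.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # junk entry in the feed: ignore it
    return singles, networks


def is_malicious(ip_str, singles, networks):
    """True if ip_str is listed directly or falls inside a listed range."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False
    if ip in singles:
        return True
    # ipaddress returns False for an IPv6 address tested against an IPv4
    # network (and vice versa), so mixed feeds are safe here.
    return any(ip in net for net in networks)


def parse_netflow(text):
    """Parse the constructed 5-field netflow lines into dicts."""
    records = []
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) != 5:
            continue
        src, dst, proto, port, nbytes = parts
        records.append({"src": src, "dst": dst, "proto": proto,
                        "dst_port": int(port), "bytes": int(nbytes)})
    return records


def find_matches(records, singles, networks):
    """Check both ends of each flow; return one alert dict per hit."""
    alerts = []
    for rec in records:
        for direction in ("src", "dst"):
            if is_malicious(rec[direction], singles, networks):
                alerts.append({"direction": direction,
                               "indicator": rec[direction],
                               "record": rec})
    return alerts


def run(feed_text=SAMPLE_FEED, netflow_text=SAMPLE_NETFLOW):
    singles, networks = parse_feed(feed_text)
    return find_matches(parse_netflow(netflow_text), singles, networks)


if __name__ == "__main__":
    for alert in run():
        print("ALERT: {} {} matched blocklist in flow {}".format(
            alert["direction"], alert["indicator"], alert["record"]))
```

With the constructed data this raises three alerts: the flow to 203.0.113.5, the flow from 198.51.100.77 (inside the listed /24) and the flow to 2001:db8::bad. Matching on both src and dst matters because an inbound scan from a listed range and an outbound connection to a listed host are different events and both are worth an alert.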


(Peter Pisljar) #2

Is this the same as Use Case: Upload to rare external IP, or are these two different use cases?


(Daniel) #3

That link is for creating a use case that involves this step; this thread is only for that one step of injecting a list into Elastic. This step can be applied in many use cases.