I was trying to set up a use case to do the following:
1.) Download a txt file containing known malicious IPs.
2.) Compare existing netflow traffic logs to see if there is a match against any of the malicious IPs.
3.) Send an alert if a connection is found with these malicious IPs.
Is this possible to do?
Thank you for any assistance.
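
Added example, not part of the original post: a minimal Python sketch of steps 2 and 3, matching flow records against a blocklist that mixes single IPs, CIDR ranges, comments and malformed lines. The feed text, the CSV column names (`ts`, `src`, `dst`, `dport`) and all function names are assumptions; the download step is replaced by an inline constructed feed so the block runs offline, and the returned alert records stand in for whatever alerting channel is used.

```python
import csv
import io
import ipaddress

# Constructed sample feed (documentation address ranges only).
BLOCKLIST_TXT = """# sample feed
203.0.113.7
198.51.100.0/24   ; range entry
2001:db8::bad
not-an-ip
"""
# Constructed flow export; the CSV column names are assumptions.
FLOWS_CSV = """ts,src,dst,dport
2024-01-01T10:00:00Z,10.0.0.5,203.0.113.7,443
2024-01-01T10:00:02Z,10.0.0.6,192.0.2.10,80
2024-01-01T10:00:05Z,198.51.100.44,10.0.0.9,22
2024-01-01T10:00:09Z,10.0.0.7,2001:db8::bad,53
"""

def load_blocklist(text):
    """Parse one IP or CIDR per line; skip blanks, comments and junk."""
    hosts, nets = set(), []
    for line in text.splitlines():
        entry = line.split("#")[0].split(";")[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # malformed feed line: ignore rather than abort
        if net.num_addresses == 1:
            hosts.add(net.network_address)  # O(1) lookup for single IPs
        else:
            nets.append(net)
    return hosts, nets

def is_listed(addr, hosts, nets):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # unparseable flow field never matches
    return ip in hosts or any(ip in n for n in nets)

def find_alerts(flows_text, hosts, nets):
    alerts = []
    for row in csv.DictReader(io.StringIO(flows_text)):
        for field, peer in (("src", "dst"), ("dst", "src")):
            if is_listed(row[field], hosts, nets):
                alerts.append({"ts": row["ts"], "match": row[field], "direction": field, "peer": row[peer]})
    return alerts
```

Checking both `src` and `dst` catches inbound connections from listed addresses as well as outbound ones to them.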