Hi there, I was trying to setup a usecase to do the following: 1.) Download a txt file containing known malicious IP's. 2.) Compare existing netflow traffic logs to see if there is a match against any of the malicious IP's 3.) Send an alert if a connection is found with these malicious IP's. Is…

Injecting malicious IP list to compare against active connections and alert if found - Use case

ppisljar (Peter Pisljar) December 6, 2018, 10:45am 2

is this the same as Use Case: Upload to rare external IP or are this two different use cases ?

Topic		Replies	Views
I need advice on this new use case - IOC Elasticsearch	4	1410	September 25, 2017
Best practice for an "IP Check" Elasticsearch	2	579	July 15, 2019
Compare two datasets Logstash	7	3614	May 21, 2018
[Agent-Netflow] Anomaly Detect for spikes on coms between 2 IP SIEM	6	481	July 11, 2023
Matching threat indicators to content in ELK Elasticsearch	2	1230	July 6, 2017