Match against another index - Domain Categorization

Hey guys,

I am working on a project and would like to know your thoughts on what I am thinking.

In the end I am essentially trying to build a domain classification/identification system. Packetbeat will be used to pull in all DNS queries going across the network and I would like to be able to have these queries compared against a list of known malware, phishing, botnet, etc domains in a separate index. It would be ideal if I could push these matched categories into a new field.

Is this something that is fairly straightforward to accomplish?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.