Hey guys,
I am working on a project and would like to know your thoughts on what I am thinking.
In the end I am essentially trying to build a domain classification/identification system. Packetbeat will be used to pull in all DNS queries going across the network and I would like to be able to have these queries compared against a list of known malware, phishing, botnet, etc. domains in a separate index. It would be ideal if I could push these matched categories into a new field.
Is this something that is fairly straightforward to accomplish?
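As an added illustration of the matching step you describe (example code, not from the original post or from Packetbeat): it assumes Packetbeat's ECS field `dns.question.name` holds the queried name, uses a small constructed in-memory category list in place of your separate index, and writes the result to a placeholder field `threat.category`. It walks parent domains so a query for a subdomain of a listed domain still gets tagged.

```python
from typing import Dict, Optional

# Constructed sample list; in a real deployment this would be loaded from
# the separate index (or fed to a Logstash translate filter) instead.
KNOWN_BAD: Dict[str, str] = {
    "malware-example.test": "malware",
    "login-bank-example.test": "phishing",
    "c2-example.test": "botnet",
}


def lookup_category(qname: str, blocklist: Dict[str, str] = KNOWN_BAD) -> Optional[str]:
    """Return the category of qname or of any parent domain on the list, else None."""
    name = qname.rstrip(".").lower()          # strip trailing dot, normalise case
    labels = name.split(".")
    # Walk from the full name upwards, but never test a bare TLD on its own.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return blocklist[candidate]
    return None


def enrich_event(event: dict, blocklist: Dict[str, str] = KNOWN_BAD) -> dict:
    """Add threat.category (placeholder field name) to a Packetbeat DNS event."""
    qname = event.get("dns", {}).get("question", {}).get("name")
    if not qname:
        return event                           # not a DNS question, leave untouched
    category = lookup_category(qname, blocklist)
    if category:
        event.setdefault("threat", {})["category"] = category
    return event


if __name__ == "__main__":
    # Constructed events shaped like Packetbeat DNS documents.
    for ev in [
        {"dns": {"question": {"name": "cdn.c2-example.test."}}},
        {"dns": {"question": {"name": "safe-example.test"}}},
    ]:
        print(enrich_event(ev))
```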