Hi all,
I am coding a system that like detect domain malicious base on blacklist and whitelist.
I have a list of pattern for detection, so when a recieve a domain, I will check my list of pattern and alert a message if match. I known Elasticsearch support pattern searching but my case is reverse, I must search a string in pattern. Is elastichsearch support searching like that? If not, have you any solutions for this case?
Thank you very much!
I believe what you are looking for are percolate queries:
https://www.elastic.co/guide/en/elasticsearch/reference/current/query-dsl-percolate-query.html
"The percolate query can be used to match queries stored in an index. The percolate query itself contains the document that will be used as query to match with the stored queries."
One hint: Reading your use case this sounds like an ideal application for Watcher/ Alerting - I assume you'll probably want to act based on seeing malicious domains?
Hope this helps,
Isabel
Thank you so much, I think this is what I need 
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.