-
**Describe the bug:**
- In the threatintel module, the domain indicator is mapped as `keyword`. However, some of the values represented are IPs. If you want to match your ingested data that contains…
-
-
## Description
Elastic Stream Connector ECS mapping is using threatintel field instead of threat. ECS is now using threat fields for Threat Indicator Rule Match so both the stream connector and the…
-
**Describe the bug**
Remove "add to timeline" button from non-ECS-compliant fields
**Build Details**
```
Version:7.15.0 BC2
Commit:113d5f2a745ab9be7d567d13ff906dfd0f5b7a9a
Build:43742
```
…
-
Hello,
I've got the same problem using Filebeat threatintel module.
Here is my configuration from `filebeat.yml` (modules enabled: AbuseURL, AbuseMalware and misp):
```
# Module: threatint…
-
# Category
Select one: Threatintel
# Tags
Add tags for the tip
# Tip
misp.search(controller='attributes', value=['https://www.google.com'])
-
Yesterday otx.alienvault.com was down for a few minutes, and in that time the processing buffer was filling up but no messages were being processed, not even ones the Threat Intelligence pipeline wasn't…
-
Currently, we only support WHOIS redirects from ARIN. To optimize latency, we should support redirects from all registries. See also: https://github.com/Graylog2/graylog-plugin-threatintel/issues/76
-
This might be a generic pipeline function, but it's very useful specifically for threatintel:
looking up against a dedicated index of IOCs and adding a field that would generate an alert.
-
# Category
Select one: Threatintel
# Tags
correlation pivoting
# Tip
Correlations are extremely useful to highlight relations between threat events but they can also kill your environm…