PaloAltoNetworks / SafeNetworking

Read only mirror. To contribute or submit issues, please go to the website link --->
https://gitlab.com/panw-gse/as/SafeNetworking/
Apache License 2.0

Create classes and search code for URL events #81 #21

Closed punisherVX closed 5 years ago

punisherVX commented 6 years ago

Using the same processing structure as DNS, we need the same workflow for URL events from the NGFW.
This will require a class structure, searching algorithms and storage code.


Ticket #10: Extend SFN to process URL FW events

Currently SFN processes Threat log events with a focus on DNS log messages. We need to extend our capability to also cover processing URL events. Initial thinking in

https://github.com/PaloAltoNetworks/safe-networking-sp/issues/81

punisherVX commented 6 years ago

These need to be moved out for future use. The logs are filtered and events are tagged, but until we have a better grasp on where the URL enrichment will come from, we need to push them out.

See #10 as a co-requisite

punisherVX commented 5 years ago

There is nothing to do here as the current level of info for URL is not usable from external sources.