search

opensearch-project / alerting

📟 Get notified when your data meets certain conditions by setting up monitors, alerts, and notifications
https://opensearch.org/docs/latest/monitoring-plugins/alerting/index/
Apache License 2.0
62 stars 102 forks source link

[FEATURE] Monitor indices for occurences of malicious IPs/domains etc stored in high cardinality threat intelligence feeds #1348

Open eirsep opened 11 months ago

eirsep commented 11 months ago

Is your feature request related to a problem? Customers have constant streams of threat intel feeds which contain millions of malicious IPs or DNS or other Indicators of Compromise (IoCs). They wish to monitor their data for the occurrence of these IoCs in their log index data.

What solution would you like? A new kind of monitor that essentially performs a

What alternatives have you considered? A clear and concise description of any alternative solutions or features you've considered.

Do you have any additional context? Add any other context or screenshots about the feature request here.

praveensameneni commented 7 months ago

The feature will be part of Threat Intel Platform to be supported in Security Analytics