
[FEATURE] Monitor indices for occurrences of malicious IPs/domains etc stored in high cardinality threat intelligence feeds

Open eirsep opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Customers have constant streams of threat intel feeds which contain millions of malicious IPs or DNS or other Indicators of Compromise (IoCs). They wish to monitor their data for the occurrence of these IoCs in their log index data.

What solution would you like? A new kind of monitor that essentially performs a

What alternatives have you considered? A clear and concise description of any alternative solutions or features you've considered.

Do you have any additional context? Add any other context or screenshots about the feature request here.

eirsep, Dec 22 '23 06:12

The feature will be part of Threat Intel Platform to be supported in Security Analytics

praveensameneni, Apr 03 '24 05:04