Security Analytics enables users to detect security threats in their security event log data. It also allows them to modify or tailor the pre-packaged solution.
An IoC match is an entity that is created as part of malicious IoC scanning.
An IoC match maps an IoC to the list of documents that contain the IoC.
An IoC match primarily contains the following information:
IoC value
IoC type
IoC scan job ID
list of doc IDs that are found to contain the IoC, in the format doc_id:index_name
the feeds that had marked the IoC as malicious at that point in time
timestamp
the execution ID of the job (just a unique string to mark the execution)
It is in essence the reverse mapping of a finding, which maps a document to the list of malicious IoCs found in it.
Issues Resolved
[List any issues this PR will resolve]
Check List
[ ] New functionality includes testing.
[ ] All tests pass
[ ] New functionality has been documented.
[ ] New functionality has javadoc added
[ ] Commits are signed per the DCO using --signoff
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
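The following is an added example, not code from this PR or from the Security Analytics project, that shows the reverse mapping the description refers to: a set of findings (document to the IoCs found in it) is inverted into IoC match records (IoC to the documents containing it), keyed by IoC value and type and carrying the scan job ID, execution ID, timestamp, the union of feeds that flagged the IoC, and document references in the doc_id:index_name format. The dataclass names, the feed and index names, the STIX-style IoC type strings and the sample findings are all constructed for illustration. One caveat the doc_id:index_name format implies is handled here: OpenSearch index names cannot contain a colon, but document IDs can, so a reference must be split on the last colon, not the first.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


# Illustrative types only; the real project defines its own Java classes.
@dataclass
class IocHit:
    value: str          # e.g. an IP address or domain
    type: str           # e.g. "ipv4-addr", "domain-name" (assumed naming)
    feeds: list         # feed IDs that marked this IoC malicious


@dataclass
class Finding:
    doc_id: str
    index: str
    iocs: list          # list[IocHit] found in this document


@dataclass
class IocMatch:
    ioc_value: str
    ioc_type: str
    scan_job_id: str
    execution_id: str
    timestamp: str                               # ISO-8601 string (assumption)
    feed_ids: list = field(default_factory=list)
    doc_ids: list = field(default_factory=list)  # entries formatted "doc_id:index_name"


def doc_ref(doc_id, index_name):
    """Build the doc_id:index_name reference used by an IoC match."""
    return f"{doc_id}:{index_name}"


def split_doc_ref(ref):
    """Split a doc_id:index_name reference back into (doc_id, index_name).

    Index names cannot contain ':' but document IDs can, so split on the
    rightmost colon; splitting on the first would corrupt such IDs.
    """
    doc_id, _, index_name = ref.rpartition(":")
    if not doc_id or not index_name:
        raise ValueError(f"malformed doc reference: {ref!r}")
    return doc_id, index_name


def build_ioc_matches(findings, scan_job_id, execution_id, timestamp=None):
    """Invert document->IoCs findings into IoC->documents matches.

    One IocMatch is produced per (value, type) pair seen in any finding; its
    doc_ids and feed_ids are the de-duplicated union across all findings,
    preserving first-seen order so output is deterministic.
    """
    if timestamp is None:
        timestamp = datetime.now(timezone.utc).isoformat()
    matches = {}
    for finding in findings:
        ref = doc_ref(finding.doc_id, finding.index)
        for hit in finding.iocs:
            key = (hit.value, hit.type)
            match = matches.get(key)
            if match is None:
                match = IocMatch(hit.value, hit.type, scan_job_id, execution_id, timestamp)
                matches[key] = match
            if ref not in match.doc_ids:
                match.doc_ids.append(ref)
            for feed in hit.feeds:
                if feed not in match.feed_ids:
                    match.feed_ids.append(feed)
    return list(matches.values())


def sample_findings():
    """Constructed sample input: three documents across two indices."""
    return [
        Finding("doc-1", "logs-2024", [
            IocHit("198.51.100.7", "ipv4-addr", ["feed-a"]),
            IocHit("evil.example", "domain-name", ["feed-a"]),
        ]),
        Finding("doc-2", "logs-2024", [
            IocHit("198.51.100.7", "ipv4-addr", ["feed-b"]),
        ]),
        Finding("doc-9", "logs-2023", [
            IocHit("evil.example", "domain-name", ["feed-a"]),
        ]),
    ]


if __name__ == "__main__":
    for m in build_ioc_matches(sample_findings(), "job-1", "exec-1"):
        print(m.ioc_type, m.ioc_value, "->", m.doc_ids, "feeds:", m.feed_ids)
```

Running the block yields two matches: the IP seen in doc-1 and doc-2 (flagged by feed-a and feed-b), and the domain seen in doc-1 and doc-9 (flagged by feed-a only), which is exactly the information a finding cannot answer directly without scanning every finding for the IoC.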