Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CLI command to bulk search for IoC's across data lake #29

Open
Samrose-Ahmed opened this issue Dec 15, 2022 · 0 comments
Open

Add CLI command to bulk search for IoC's across data lake #29

Samrose-Ahmed opened this issue Dec 15, 2022 · 0 comments
Labels
enhancement New feature or request

Comments

@Samrose-Ahmed
Copy link
Contributor

Samrose-Ahmed commented Dec 15, 2022
edited

Overview

Currently, it is difficult to search for a known indicator across all/multiple tables in your Matano security lake.

Goals

Add a CLI command that automatically searches for a given indicator against all relevant fields in all relevant tables.

For example, one can provide a malicious IP and it will be searched across columns such as related.ip in all Matano tables that have this field.

Notes

  • Display a table showing aggregate view of matches in each table
  • Support ability to save matches to file.
  • Be able to search any ECS field and narrow matches by time.
@Samrose-Ahmed Samrose-Ahmed added the enhancement New feature or request label Dec 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
Matano Public Roadmap
Status: Researching
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Samrose-Ahmed