
New Analyzer: ElasticSearch Query #841

Closed
6 tasks done
nicpenning opened this issue Aug 28, 2020 · 3 comments
Labels
category:feature-request Issue is related to a feature request
Comments

@nicpenning
Contributor

nicpenning commented Aug 28, 2020

Feature description
Query any ElasticSearch cluster or multiple clusters for any field and any index and return common fields that use the ElasticSearch Common Schema (ECS).

Describe the solution you'd like
This analyzer allows you to quickly query for URLs, IP addresses, domains, file hashes, and whatever other observables you choose. It will be great for threat intelligence reports or searching for those IOCs from an in-house analysis on a phishing campaign.

Features

  • Query secured and insecure clusters
  • Ability to add any index pattern to search
  • Ability to add any field to search
  • Ability to limit the amount of results to return
  • Ability to extract observables
  • Ability to add tags for amount of results that get returned

We are nearly complete with this analyzer. Just applying some finishing touches and then we can supply the Pull Request.
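An added example, not the analyzer's own code, of the core of what the request describes: one query body that matches an observable across several ECS fields with a cap on the number of hits, a tag derived from the hit count, and extraction of further observables from the returned documents. The ECS field selection, the `es:` tag names and the count thresholds are assumptions, and the sample hits are constructed.

```python
from typing import Any

# ECS fields an observable of each type is likely to live in (assumed selection).
ECS_FIELDS = {
    "ip": ["source.ip", "destination.ip", "client.ip"],
    "domain": ["dns.question.name", "url.domain", "destination.domain"],
    "hash": ["file.hash.sha256", "file.hash.md5"],
}

# Constructed hits standing in for the "hits" of an Elasticsearch search response.
SAMPLE_HITS = [
    {"_source": {"source": {"ip": "10.0.0.5"}, "destination": {"ip": "203.0.113.7"},
                 "dns": {"question": {"name": "example.test"}}}},
    {"_source": {"client": {"ip": "10.0.0.5"}, "file": {"hash": {"sha256": "a" * 64}}}},
]


def build_query(observable: str, data_type: str, size: int = 100) -> dict[str, Any]:
    """Exact-match `observable` in every ECS field for its type; `size` caps the hits."""
    return {
        "size": size,
        "query": {"bool": {
            "should": [{"term": {f: observable}} for f in ECS_FIELDS[data_type]],
            "minimum_should_match": 1,
        }},
    }


def tag_for_hits(total: int) -> str:
    """Tag by how many documents mention the observable (assumed thresholds)."""
    if total == 0:
        return "es:not_seen"
    return "es:seen_once" if total == 1 else "es:seen_many"


def extract_observables(hits: list[dict[str, Any]]) -> set[tuple[str, str]]:
    """Collect distinct (type, value) pairs from the ECS fields of every hit."""
    found = set()
    for hit in hits:
        for data_type, fields in ECS_FIELDS.items():
            for field in fields:
                node: Any = hit.get("_source", {})
                for part in field.split("."):          # walk the dotted ECS path
                    node = node.get(part) if isinstance(node, dict) else None
                if node is not None:
                    found.add((data_type, str(node)))
    return found
```

`build_query` produces the body you would pass to a search call against the chosen index pattern; `tag_for_hits(len(hits))` and `extract_observables(hits)` then turn the response into the tag and the extracted observables the request lists.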

@nicpenning nicpenning added the category:feature-request Issue is related to a feature request label Aug 28, 2020
@nicpenning nicpenning changed the title [FR] ElasticSearch Analyzer New Analyzer: ElasticSearch Analyzer Aug 28, 2020
@nicpenning nicpenning changed the title New Analyzer: ElasticSearch Analyzer New Analyzer: ElasticSearch Query Aug 28, 2020
@nicpenning
Contributor Author

Thanks @nmprokop for this contribution!

@nadouani
Contributor

nadouani commented Oct 10, 2020

I've already seen this one during a demo, and it's definitely a very good job.

@nicpenning @nmprokop we will review it and see in which release we can ship it. I think that 3.0.0 scope is already closed.

@garanews garanews added this to the 3.0.0 milestone Jan 15, 2021
@nicpenning
Contributor Author

Woohoo!

🔎🌲🪓🐝👌🚀🎉
