[Filebeat] Malware Bazaar Dataset for Threat Intel Module #24569

Closed
2 tasks done
peasead opened this issue Mar 16, 2021 · 1 comment · Fixed by #24570

Comments

@peasead
Contributor

peasead commented Mar 16, 2021

Modules

Describe the enhancement:
Currently, the threat intel module for Filebeat does not have the data provided by Malware Bazaar.

Malware Bazaar provides rich file metadata about malware that can assist cyber intelligence analysts, threat hunters, and incident responders during incident response and ongoing security operations.

Describe a specific use case for the enhancement or feature:
Threat hunting, security operations, and intelligence analysis.

Filebeat module

  • Test log files exist for the grok patterns
  • Generated output for at least 1 log file exists

@elasticmachine
Collaborator

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
