Cherry-pick #24570 to 7.x: [Filebeat] Add Malware Bazaar to Threat Intel Module #25177
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Cherry-pick of PR #24570 to 7.x branch. Original message:
Closes https://github.com/elastic/cti-team/issues/33
What does this PR do?
This PR adds the Malware Bazaar threat feed to the threat intel module of Filebeat.
Why is it important?
Malware Bazaar provides rich file metadata about malware that can assist cyber intelligence analysts, threat hunters, and incident responders during incident response and ongoing security operations.
Currently, the threat intel module for Filebeat did not have the data provided by Malware Bazaar.
Checklist
CHANGELOG.next.asciidoc
orCHANGELOG-developer.next.asciidoc
.Author's Checklist
./filebeat setup
imports the saved search, visualization, and dashboardHow to test this PR locally
This can be tested by:
Go to KIbana -> dashboards -> apply the
threat intel
tagRelated issues
Resolves #24569
Use cases
Threat hunting, security operations, and intelligence analysis.
Screenshots
Logs
Original data from source
Data from module