Bowei Chi

Posts

Recent activity by Bowei Chi
  • lookup operator with compareCIDRPrefix

    Can I use the lookup operator in combination with compareCIDRPrefix to check if an IP in the log is in a list of CIDRs from a CSV? Something like this, but it complains about "unexpected token" if I query...

  • lookup operator with dynamic url?

    Is it possible to use a dynamically generated URL in the "lookup" operator? For example, I'd like to pass dest_ip to the URL in lookup: | fields dest_ip, url| lookup cidr from https://xxxxxx.ngrok.io/{...

  • threat intel data integration besides crowdstrike?

    Are there any resources / documentation on building a threat intel app much like the crowdstrike app but using a different source to correlate the intel data? The alternative source can be a REST e...