#
# Search assistant text for the custom search commands
#
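# Reusable option syntax referenced as <options> by the get*filter commands.
# The four options are independent and may be combined in one invocation
# (the command examples pair wildcard_prefix with message), so they are
# listed as a sequence of optional terms. The previous '|'-separated form
# documented them as mutually exclusive alternatives in the search assistant.
[options]
syntax = (wildcard_prefix=<column_names>)? (wildcard_suffix=<column_names>)? (wildcard_affix=<column_names>)? (message=<string>)?
description = 'wildcard_*' controls which columns to have their value\
affixed with wildcard character. Affixed value will be added to a\
new column. 'message' adds a custom message to new column custom_message.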
# Reduced option set referenced as <message-option> by the commands that
# take no wildcard_* options (getbotnetfilter, getbotnetip, getopendbl).
[message-option]
syntax = (message=<string>)?
description = 'message' adds a custom message to new column custom_message.
# Assistant entry for geturlhausfilter; accepts the full <options> set.
[geturlhausfilter-command]
syntax = geturlhausfilter <options>
description = Get urlhaus-filter from malware-filter.
usage = public
example = | geturlhausfilter wildcard_prefix="path" message="lorem ipsum"
related = getphishingfilter getpupfilter getvnbadsitefilter getbotnetfilter
# Assistant entry for getphishingfilter; accepts the full <options> set.
[getphishingfilter-command]
syntax = getphishingfilter <options>
description = Get phishing-filter from malware-filter.
usage = public
example = | getphishingfilter wildcard_prefix="path" message="lorem ipsum"
related = geturlhausfilter getpupfilter getvnbadsitefilter getbotnetfilter
# Assistant entry for getpupfilter; accepts the full <options> set.
[getpupfilter-command]
syntax = getpupfilter <options>
description = Get pup-filter from malware-filter.
usage = public
example = | getpupfilter wildcard_prefix="path" message="lorem ipsum"
related = geturlhausfilter getphishingfilter getvnbadsitefilter getbotnetfilter
# Assistant entry for getvnbadsitefilter; accepts the full <options> set.
[getvnbadsitefilter-command]
syntax = getvnbadsitefilter <options>
description = Get vn-badsite-filter from malware-filter.
usage = public
example = | getvnbadsitefilter wildcard_prefix="path" message="lorem ipsum"
related = geturlhausfilter getphishingfilter getpupfilter getbotnetfilter
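# Assistant entry for getbotnetfilter; only the message option applies.
# Its description steers users to getbotnetip, so that command is listed
# under 'related' too, making the recommended alternative discoverable
# from the assistant rather than only from the description text.
[getbotnetfilter-command]
syntax = getbotnetfilter <message-option>
shortdesc = Get botnet-filter from malware-filter.
description = Get botnet-filter from malware-filter.\
Please use 'getbotnetip' whenever possible.
usage = public
example = | getbotnetfilter message="lorem ipsum"
related = geturlhausfilter getphishingfilter getpupfilter getvnbadsitefilter getbotnetip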
# Assistant entry for getbotnetip (Feodo Tracker botnet IPs); only the
# message option applies.
[getbotnetip-command]
syntax = getbotnetip <message-option>
description = Get botnet ip from Feodo Tracker.
usage = public
example = | getbotnetip message="lorem ipsum"
related = getopendbl
# Assistant entry for getopendbl (Open Dynamic Block Lists IP blocklists);
# only the message option applies.
[getopendbl-command]
syntax = getopendbl <message-option>
description = Get ip blocklists from Open Dynamic Block Lists (Opendbl).
usage = public
example = | getopendbl message="lorem ipsum"
related = getbotnetip