I have a proxy log index which contains a URL field.
I also have a lookup table, which contains a list of known bad URLs.
I would like to do a comparison to see if the indexed URL field has any values like those in the lookup table.
Example:
URL field from proxy index:
    url="http://www.somewebsite.com/cma-music-festival"
Lookup table contains fields:
    category: Other
    date: 2016-11-01T19:12:07+00:00
    isbad: true
    reference: http://www.phishtank.com/phish_detail.php?phish_id=4572548
    url: http://somewebsite.com
How would I search the proxy log index to get a list of the URLs that match those in the Lookup Table url field?
Thanks.
Actually I think I found it after testing.
eventtype=cisco_wsa_squid [| inputlookup phishtank.csv | fields url]
This appears to work for what I am looking for.
@pdumblet - If this has provided a working solution, please click "Accept" below your answer to resolve your post. Otherwise, feel free to leave it open for now if you're open to other possible suggestions. Thanks.
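Added example, not part of the thread above: a subsearch of this form expands to url="..." OR url="..." terms, each compared against the whole field value. The Python sketch below shows host-level comparison for the question's sample pair, where the event side carries a www. prefix and a path. The data is constructed, and the function names and the choice to treat subdomains of a listed host as hits are assumptions of this example.

```python
import csv
import io
import re
from urllib.parse import urlsplit

# Constructed lookup content, using the field names and sample row from the question.
LOOKUP_CSV = (
    "category,date,isbad,reference,url\n"
    "Other,2016-11-01T19:12:07+00:00,true,"
    "http://www.phishtank.com/phish_detail.php?phish_id=4572548,http://somewebsite.com\n"
)
# Constructed proxy url values; the first is the one from the question.
EVENT_URLS = [
    "http://www.somewebsite.com/cma-music-festival",
    "http://SomeWebsite.com:8080/login",
    "http://notsomewebsite.com/",
    "http://example.org/?next=http://somewebsite.com",
]

def host_key(url):
    """Lower-cased hostname without scheme, userinfo, port, path or leading 'www.'."""
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "//" + url  # scheme-less value: make urlsplit read the host first
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:  # malformed value in the log, e.g. unbalanced IPv6 brackets
        return ""
    return host[4:] if host.startswith("www.") else host

def load_bad_hosts(csv_text):
    """Map normalised host -> reference for rows flagged isbad=true."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {host_key(r["url"]): r["reference"] for r in rows
            if r["isbad"].strip().lower() == "true" and host_key(r["url"])}

def exact_hits(urls, csv_text):
    """Whole-string comparison of url values, for contrast."""
    listed = {r["url"] for r in csv.DictReader(io.StringIO(csv_text))}
    return [u for u in urls if u in listed]

def host_hits(urls, bad_hosts):
    """(url, reference) for events whose host is a listed host or a subdomain of one (assumption)."""
    hits = []
    for u in urls:
        labels = host_key(u).split(".")
        suffixes = (".".join(labels[i:]) for i in range(len(labels) - 1))  # bare TLD excluded
        ref = next((bad_hosts[s] for s in suffixes if s in bad_hosts), None)
        if ref:
            hits.append((u, ref))
    return hits
```

Comparing on the normalised host rather than on a substring keeps `notsomewebsite.com` and a listed URL that merely appears inside another site's query string from being reported.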