This app was primarily designed for passing in a wordlist like: "iexplore.exe,svchost.exe" and comparing that against events (say, process audit security logs) to find results that are <100 and greater than some number... highlighting processes like "svch0st.exe" or "scvhost.exe" - common malware hiding techniques.
That said, it's probably not the most efficient for your use case but you could accomplish a comparison like this:
your search | fields name,blacklist_name | makemv delim="," blacklist_name | mvexpand blacklist_name | fuzzy wordlist=name compare_field=blacklist_name
With the update I tossed in the git repo, that should read the values out of your name column and compare it to the blacklist_name column. With the makemv/mvexpand combo, you can compare every entry and get a corresponding score to find similar entries.
If you're looking for exact matches, then something like this might be better:
your search | fields name,blacklist_name | makemv delim="," blacklist_name | mvexpand blacklist_name | where match(name,blacklist_name)
I used the fields operator in those sample searches but that's not strictly required here. Hope that helps.
... View more