
Pull TLD from domains

Open philhagen opened this issue 10 years ago • 3 comments

Can we pull TLD from domain data? Would be useful for pivoting to other intel sources, etc.

philhagen avatar Jan 14 '15 22:01 philhagen

Perfect thing to write a new logstash filter plugin

https://github.com/weppos/publicsuffix-ruby

coolacid avatar Jan 22 '15 16:01 coolacid

https://github.com/logstash-plugins/logstash-filter-tld

Enjoy!

coolacid avatar Jan 22 '15 20:01 coolacid

Also consider publicsuffix.org

philhagen avatar May 15 '16 20:05 philhagen

Going to close this one since wildcard matching in KQL has been viable for a while.

philhagen avatar Nov 17 '23 17:11 philhagen