chris/styx
chris/styx
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
styx/DEMO.md
Christopher Talib 5d223c3886 Adding pastebin matching + demo IOC
2020-06-10 11:32:56 +02:00

490 B
Raw Blame History

Demo notes

{
  Node(func: eq(type, "matcher")){
    id
    target
    type
    full
    nodes {
      uid
      full
    }
  }
}

{
  Node(func: has(nodes)  ) {
    uid
    type
    target
    timestamp
    nodes {
      uid
      type
      full
      hostnames

    }
  }
}

Notes

  • There is TOO MUCH junk data
  • Upsert is not optimal
  • What do we do with the data so it can be exploitable by analysts
  • Sould we store matched data in an SQL-like db?