Threats_classifier filter plugin

For plugins not bundled by default, it is easy to install by running bin/logstash-plugin install logstash-filter-threats_classifier. See Working with plugins for more details.

This plugin uses the cyber-kill-chain and MITRE representation language to enrich security logs with information about the attacker’s intent—​what the attacker is trying to achieve, who they are targeting, and how they plan to carry out the attack.

Documentation for the filter-threats_classifier plugin is maintained by the creators.

This is a third-party plugin. For bugs or feature requests, open an issue in the plugins-filters-threats_classifier Github repo.