Greetings to everyone
I would like to get more information about how “SUBQUERY” works.
I have the following rule: where(SUBQUERY(“TOR Exit Node”)
Thanks in advance for any advice
Subqueries are utilized by our Threat Intelligence Detection Engineering team to build and maintain rules with dynamic IOCs. These IOCs for TOR exit nodes are constantly updated, so instead of updating the rule we update the subqueries. These are not exposed to customers currently. We can provide a snapshot of a current subquery, but it would potentially become stale relatively soon as we continuously update it based on new information, as well as aging out known good IPs after a time.
David
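The indirection described in the answer above, sketched as an added example that is not part of the thread and not the vendor's implementation: a rule stores only a list name, and membership is resolved against a separately maintained indicator list when the rule runs. The class and function names, the 7-day aging window, and the documentation-range IP addresses are all assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

class IocStore:
    """Named indicator lists updated independently of rules (hypothetical)."""
    def __init__(self, max_age):
        self.max_age = max_age          # assumed aging window
        self._lists = {}                # list name -> {ip: last_seen}

    def refresh(self, name, ips, seen_at):
        entries = self._lists.setdefault(name, {})
        for ip in ips:
            entries[ipaddress.ip_address(ip)] = seen_at

    def age_out(self, name, now):
        """Drop entries not re-observed within max_age; return how many."""
        entries = self._lists.get(name, {})
        stale = [ip for ip, seen in entries.items() if now - seen > self.max_age]
        for ip in stale:
            del entries[ip]
        return len(stale)

    def contains(self, name, ip):
        return ipaddress.ip_address(ip) in self._lists.get(name, {})

    def snapshot(self, name):
        """Point-in-time copy, like a one-off export of the list."""
        return frozenset(self._lists.get(name, {}))

def make_rule(store, list_name, field="src_ip"):
    """The rule keeps only the list name, never the indicator values."""
    return lambda event: store.contains(list_name, event[field])

def demo():
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    store = IocStore(max_age=timedelta(days=7))
    rule = make_rule(store, "TOR Exit Node")
    # Constructed events using RFC 5737 documentation addresses.
    events = [{"src_ip": ip} for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5")]
    store.refresh("TOR Exit Node", ["192.0.2.10", "198.51.100.7"], t0)
    snap = store.snapshot("TOR Exit Node")
    before = [rule(e) for e in events]
    # Ten days later the feed has changed; the rule itself is untouched.
    t1 = t0 + timedelta(days=10)
    store.refresh("TOR Exit Node", ["198.51.100.7", "203.0.113.5"], t1)
    removed = store.age_out("TOR Exit Node", t1)
    live = [rule(e) for e in events]
    stale = [ipaddress.ip_address(e["src_ip"]) in snap for e in events]
    return before, removed, live, stale
```

Comparing `live` with `stale` in `demo()` shows the effect of relying on a snapshot: it still matches the aged-out address and misses the newly added one.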
David, thanks for your answer.
However, now I have the following doubts:
Thank you in advance for any advice, I am sorry to have so many doubts.