@elastic/hunt-ioc
Hunt for an Indicator of Compromise (IP, hash, domain)
```
RUN SKILL hunt_ioc()
```

With parameters:

```
RUN SKILL hunt_ioc WITH ioc = 'value'
```

| Name | Type | Default | Description |
|---|---|---|---|
| ioc | STRING | — | IOC value to hunt for (IP, hash, domain) |
Using curl (the `ioc` parameter has no default, so it must be supplied in the query):

```sh
curl -u elastic-admin:elastic-password http://localhost:9200/_escript \
  -H "Content-Type: application/json" \
  -d "{\"query\": \"RUN SKILL hunt_ioc WITH ioc = 'value'\"}"
```

Response:

```json
{
  "result": [...],
  "_meta": {
    "execution_id": "abc123",
    "duration_ms": 45
  }
}
```