How-To: Search for URL Indicators of Compromise (IOC) Across a Data Set

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

Page was created:27 Feb 2024

URLs are a typical IOC. With LogScale, it's easy to use LogScale Query Language (LQL) to determine a possible threat using the lookup() function.

For example:

// Ensure the URL is written in all lowercase. 
url := lower(YOURURL)
// Perform the lookup for the URL. The strict option only returns matches. 
| ioc:lookup(field=url, type=url, confidenceThreshold=unverified, strict=true)

Knowledge Base

How-To: Search for URL Indicators of Compromise (IOC) Across a Data Set

Enter search term