Returns true if the threat intelligence feed contains a target value, and false otherwise.


matchfeed(FEED_ID, STR_EXPR)
Required Parameters

FEED_ID: Identifier of the threat intelligence feed. If you specify an invalid feed string constant, the query fails.

See the following table for available identifiers. In addition, you can use the feeds provided by apps installed on Logpresso Sonar or Logpresso Maestro.

Identifier  Type    Description
otx         ip      Real-time IP address reputation feed in the format of OTX (Open Threat Exchange)
tor         ip      Real-time Tor exit node IP address information feed
mdl_domain  domain  Real-time malicious domain name (e.g. C&C domain)
mdl_ip      ip      Real-time malicious domain name (e.g. C&C IP address)
abusech     domain  Real-time malicious domain name (e.g. C&C domain) feed provided by
malc0de     md5     Real-time Malware database provided by

STR_EXPR: Expression that returns the string to search for in the feed.
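
A usage sketch for detection, added here as an example and not taken from the Logpresso documentation: it keeps only the events from the last hour whose source address appears in the `tor` or `otx` feed, then counts hits per address. The table name `fw_logs` and the field name `src_ip` are assumptions; the feed identifiers come from the table above, and `string()` is used so that the second argument is a string expression.

```logpresso
table duration=1h fw_logs
| eval src = string(src_ip)
| search matchfeed("tor", src) or matchfeed("otx", src)
| stats count by src
```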