Things to Know
Ecstatic Nobel edited this page Apr 19, 2019 · 4 revisions
Here are some things to keep in mind:
- All commands accept input from the pipeline. Use either the fields or the table command to select one field containing the values that the command accepts, then pipe it to the command with the field name as the first argument:
  <search> | fields <FIELD NAME> | <OSWEEP COMMAND> <FIELD NAME>
  Example: the following lets a user find other URLs analyzed by URLhaus that are hosting the same Emotet malware as ahsweater[d]com and groups them by payload:
  | urlhaus ahsweater.com | fields payload | urlhaus payload | stats values(url) AS url BY payload
Go to Troubleshooting