Since posting a diary about Vega-Lite [1], I have “played” with other queries that might be interesting. The first one I wanted to explore is the Time-to-Live (TTL), since the DShield SIEM [2] captures and parses the iptables logs and stores the TTL for analysis.
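As an added example (not the diary's code and not part of the DShield SIEM), the following Python script shows the kind of parsing the sentence above refers to: extracting the `TTL=` field from standard iptables `KEY=VALUE` log lines, counting the observed TTL values, estimating the sender's initial TTL and hop distance with the common 64/128/255 rule of thumb (an assumption, not a DShield rule), and emitting the counts as a list of objects that a Vega-Lite `"values"` data source could consume. The log lines and addresses are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample iptables log lines (documentation-range IPs, not real DShield data).
# The fourth line is a non-iptables kernel message, to show that it is skipped cleanly.
SAMPLE_LOGS = [
    "Jan 10 12:00:01 honeypot kernel: [1001.1] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.10 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=54321 PROTO=TCP SPT=40000 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jan 10 12:00:02 honeypot kernel: [1002.2] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=198.51.100.7 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=114 ID=1 PROTO=TCP SPT=51234 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0",
    "Jan 10 12:00:03 honeypot kernel: [1003.3] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=203.0.113.10 DST=192.0.2.5 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=54322 PROTO=TCP SPT=40001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Jan 10 12:00:04 honeypot kernel: [1004.4] eth0: link is up",
    "Jan 10 12:00:05 honeypot kernel: [1005.5] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=198.51.100.200 DST=192.0.2.5 LEN=60 TOS=0x00 PREC=0x00 TTL=243 ID=0 DF PROTO=UDP SPT=5060 DPT=5060 LEN=40",
]

# iptables logs fields as KEY=VALUE tokens; flags such as SYN or DF have no '='.
KV_RE = re.compile(r"(\w+)=(\S*)")

# Rule-of-thumb initial TTLs (assumption): 64 for Linux/BSD/macOS, 128 for Windows,
# 255 for many network devices. The observed TTL is assumed to be at most this value.
INITIAL_TTLS = (64, 128, 255)


def parse_iptables_line(line):
    """Return a dict of the KEY=VALUE fields with TTL as an int, or None if the line
    carries no usable TTL (non-iptables kernel messages, truncated lines)."""
    fields = dict(KV_RE.findall(line))
    try:
        fields["TTL"] = int(fields["TTL"])
    except (KeyError, ValueError):
        return None
    return fields


def guess_initial_ttl(ttl):
    """Smallest common initial TTL that is >= the observed value."""
    for candidate in INITIAL_TTLS:
        if ttl <= candidate:
            return candidate
    return None  # TTL > 255 cannot occur in a valid IPv4 header


def hop_distance(ttl):
    """Estimated number of routers the packet crossed, under the initial-TTL heuristic."""
    initial = guess_initial_ttl(ttl)
    return None if initial is None else initial - ttl


def ttl_histogram(lines):
    """Count observed TTL values across a list of log lines."""
    parsed = (parse_iptables_line(l) for l in lines)
    return Counter(p["TTL"] for p in parsed if p is not None)


def initial_ttl_histogram(lines):
    """Count packets by estimated initial TTL (a rough OS/device-family split)."""
    return Counter(guess_initial_ttl(ttl) for ttl, n in ttl_histogram(lines).items() for _ in range(n))


def to_vega_values(lines):
    """Shape the TTL counts as a list of {ttl, count} rows, sorted by TTL, suitable
    for a Vega-Lite spec's inline "values" data source."""
    return [{"ttl": ttl, "count": n} for ttl, n in sorted(ttl_histogram(lines).items())]


if __name__ == "__main__":
    for row in to_vega_values(SAMPLE_LOGS):
        print(f"TTL {row['ttl']:>3}: {row['count']} packet(s), "
              f"initial ~{guess_initial_ttl(row['ttl'])}, ~{hop_distance(row['ttl'])} hops")
```

The `to_vega_values` rows are the shape a bar-chart spec expects (`"x": {"field": "ttl"}`, `"y": {"field": "count"}`); in the SIEM the same aggregation would be done by the backend query rather than in Python, but the parsing and the TTL heuristic are the same.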
This article has been indexed from SANS Internet Storm Center, InfoCON: green