This documentation version is deprecated, please click here for the latest version.
Strelka Extension Pricing
Note that using ext-strelka also incurs Artifact Exporting charges (applied to processed artifacts at a rate of $0.02/GB) and the cost of webhook data received in LimaCharlie, on top of the ext-strelka specific pricing.
Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response.
The Strelka extension receives files using Artifacts by specifying an artifact_id in the run_on request. The extension will then process the file and return the results to the caller as well as send the results to its related Sensor.
Configuration
Example D&R rule that processes all Artifacts ingested with the type zeek-extract:
Detect:
  event: ingest
  op: is
  path: routing/log_type
  target: artifact_event
  value: zeek-extract
Respond:
  - action: extension request
    extension action: run_on
    extension name: ext-strelka
    extension request:
      artifact_id: '{{ .routing.log_id }}'