    Strelka
    • 11 Apr 2024


    Strelka Extension Pricing

    Note that using ext-strelka also incurs Artifact Exporting charges (applied to processed artifacts at a rate of $0.02/GB) and the charges for webhook data received in LimaCharlie, on top of the ext-strelka specific pricing.

    Strelka is a real-time file scanning system used for threat hunting, threat detection, and incident response.

    The Strelka extension receives files through Artifacts: the run_on request specifies the artifact_id of the file to scan. The extension then processes the file, returns the results to the caller, and also sends the results to the related Sensor.

    Configuration

    Example D&R rule that processes all Artifacts ingested with the type zeek-extract:

    Detect:

    event: ingest
    op: is
    path: routing/log_type
    target: artifact_event
    value: zeek-extract

    Respond:

    - action: extension request
      extension action: run_on
      extension name: ext-strelka
      extension request:
        artifact_id: '{{ .routing.log_id }}'
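    To make the rule's behaviour concrete, the following is an added illustration (not LimaCharlie's rule engine and not code from the Strelka extension) of how the Detect and Respond halves above select artifacts and build the run_on request. It models only the `op: is` / `path` / `value` subset used on this page and the `{{ .routing.log_id }}` template; the event field layout (`event_type`, `routing/log_type`, `routing/log_id`, `routing/sid`) and every sample event are constructed assumptions for the example.

```python
"""Added illustration of the D&R rule on this page (simplified, not the
LimaCharlie engine): which ingested artifacts match the Detect clause and
what run_on request the Respond action produces for each of them."""
import re

# The Detect and Respond halves of the rule from this page, as Python data.
DETECT = {
    "event": "ingest",
    "op": "is",
    "path": "routing/log_type",
    "target": "artifact_event",   # selects the artifact_event stream; all
    "value": "zeek-extract",      # sample events below belong to it (assumed)
}

RESPOND = [
    {
        "action": "extension request",
        "extension action": "run_on",
        "extension name": "ext-strelka",
        "extension request": {"artifact_id": "{{ .routing.log_id }}"},
    }
]

# Constructed sample artifact_event stream (field layout is an assumption):
# two Zeek-extracted files, one unrelated artifact type, one non-ingest event.
SAMPLE_EVENTS = [
    {"event_type": "ingest", "routing": {"log_type": "zeek-extract", "log_id": "art-0001", "sid": "sensor-a"}},
    {"event_type": "ingest", "routing": {"log_type": "pcap",         "log_id": "art-0002", "sid": "sensor-a"}},
    {"event_type": "ingest", "routing": {"log_type": "zeek-extract", "log_id": "art-0003", "sid": "sensor-b"}},
    {"event_type": "export", "routing": {"log_type": "zeek-extract", "log_id": "art-0004", "sid": "sensor-b"}},
]


def lookup(event, path):
    """Resolve a slash-separated path such as 'routing/log_type'; None if absent."""
    node = event
    for part in path.split("/"):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def matches(event, detect):
    """Evaluate a single `op: is` Detect clause against one event."""
    if detect.get("event") and event.get("event_type") != detect["event"]:
        return False
    if detect["op"] != "is":
        raise ValueError("only op: is is modelled in this example")
    return lookup(event, detect["path"]) == detect["value"]


# Matches '{{ .routing.log_id }}'-style placeholders in Respond values.
_TEMPLATE = re.compile(r"\{\{\s*\.([\w./]+)\s*\}\}")


def render(template, event):
    """Expand dotted template references from the matching event."""
    return _TEMPLATE.sub(
        lambda m: str(lookup(event, m.group(1).replace(".", "/"))), template
    )


def build_requests(events, detect=DETECT, respond=RESPOND):
    """Return the extension requests the rule would emit for a stream of events."""
    requests = []
    for ev in events:
        if not matches(ev, detect):
            continue
        for action in respond:
            if action["action"] != "extension request":
                continue
            requests.append({
                "extension": action["extension name"],
                "action": action["extension action"],
                "request": {k: render(v, ev) for k, v in action["extension request"].items()},
                # the Sensor that will also receive the scan results
                "sensor": lookup(ev, "routing/sid"),
            })
    return requests


if __name__ == "__main__":
    for req in build_requests(SAMPLE_EVENTS):
        print(req)
```

    Running the block shows that only the two ingest events whose routing/log_type is zeek-extract produce a run_on request for ext-strelka; the pcap artifact and the non-ingest event are skipped, which is also where the per-GB Artifact Exporting cost noted above is incurred, since only matched artifacts are sent to the extension.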
