Threats_classifier filter plugin

  • This plugin was created and is maintained by a partner.
  • Change log


For plugins not bundled by default, it is easy to install by running bin/logstash-plugin install logstash-filter-threats_classifier. See Working with plugins for more details.


This plugin uses the cyber-kill-chain and MITRE representation language to enrich security logs with information about the attacker’s intent—​what the attacker is trying to achieve, who they are targeting, and how they plan to carry out the attack.


Documentation for the filter-threats_classifier plugin is maintained by the creators.

Getting Help

This is a third-party plugin. For bugs or feature requests, open an issue in the plugins-filters-threats_classifier Github repo.