File carving based on usecases.
- Intel hash based Match File-carving
- Intel suspicious Source IP/domain File-Carving.
- Self found threats based File Carving.
Based on hosom/file-extraction and Zeek extract. Follow the instructions for integrating OTX Intel data at: https://github.com/hosom/bro-otx