In the search page, fields section, we will see the new additional fields cropping up once the pipeline rules match the logs. When we click on the threat_indicated values, it is all showing as Zero (0). When we handpick the known malicious IPs from the same logs showing as Zero in the GUI and search using the test lookup option given in the lookup_tables, it shows the value as Non Zero (6), which means it is malicious to our understanding.

What are we missing! GrayLog version is 3.0.

Also, does the "Threat Intelligence Lookups:*" rule take care of all these 3 feeds, or should we write explicit pipeline rules?