Other SIEM solutions such as Splunk and AlienVault have functionality built in that can triggers an alert when an IP address matches a blacklist. What would be the easiest/cleanest way to implement this in Graylog? I'm currently considering using a script to use REST API to pull IPs from graylog and match them against a .csv list.
-- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/3be6d9bb-c632-4adf-9a45-f4165318bdd7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
