Hi, you could build something like this using the new message processing pipelines (see http://docs.graylog.org/en/2.0/pages/pipelines.html). We're planning to add a generic dictionary lookup function in the future (see https://github.com/Graylog2/graylog-plugin-pipeline-processor/labels/lookup-table). For now, you'd have to write a Graylog plugin which provides a function to run lookups against your blacklist.
Cheers,
Jochen

On Monday, 23 May 2016 21:13:52 UTC+2, VR wrote:
> Other SIEM solutions such as Splunk and AlienVault have functionality built in that can triggers an alert when an IP address matches a blacklist. What would be the easiest/cleanest way to implement this in Graylog? I'm currently considering using a script to use REST API to pull IPs from graylog and match them against a .csv list.
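The offline half of the script VR describes (match addresses pulled from a Graylog search result against a .csv blacklist), written here as an added example rather than code from this thread or from Graylog itself. The search-result shape, the field names `src_ip`/`dst_ip` and the blacklist rows are constructed assumptions; as a small generalisation, CIDR ranges in the list are accepted alongside single addresses.

```python
import csv
import io
import ipaddress

# Constructed blacklist in .csv form (assumption); a row may be a single
# address or a CIDR range.
BLACKLIST_CSV = """ip,reason
198.51.100.7,scanner
203.0.113.0/24,known-bad-range
192.0.2.10,c2
"""

# Constructed search result in the shape of Graylog's REST search API
# (assumption: each hit is {"message": {<fields>}}).
SEARCH_RESULT = {"messages": [
    {"message": {"source": "fw1", "src_ip": "198.51.100.7", "dst_ip": "10.0.0.5"}},
    {"message": {"source": "fw1", "src_ip": "10.0.0.8", "dst_ip": "203.0.113.44"}},
    {"message": {"source": "web1", "src_ip": "10.0.0.9", "dst_ip": "10.0.0.1"}},
    {"message": {"source": "web1", "src_ip": "not-an-ip"}},
]}


def load_blacklist(csv_text):
    """Parse the CSV into (network, reason) pairs; malformed rows are skipped."""
    entries = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            net = ipaddress.ip_network(row["ip"].strip(), strict=False)
        except ValueError:
            continue  # bad entry in the list: skip it, do not abort the run
        entries.append((net, row.get("reason", "")))
    return entries


def match_messages(search_result, blacklist, fields=("src_ip", "dst_ip")):
    """Return one alert per (message, field) whose address is on the blacklist."""
    alerts = []
    for hit in search_result.get("messages", []):
        msg = hit.get("message", {})
        for field in fields:
            value = msg.get(field)
            if value is None:
                continue
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                continue  # field holds no valid address: ignore rather than crash
            for net, reason in blacklist:
                if addr in net:
                    alerts.append({"source": msg.get("source"), "field": field,
                                   "ip": value, "reason": reason})
                    break  # first matching entry wins for this field
    return alerts
```

In a real run the `SEARCH_RESULT` dict would be the JSON returned by the search endpoint, and each alert would be forwarded to whatever notification channel is in use.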
