What would be the best way to have fields populate based on the OUI from MAC or DHCP options from a request (https://github.com/inverse-inc/fingerbank/blob/master/dhcp_fingerprints.conf)? For instance, If I want to see how many requests to a DHCP server are from VMWARE (00:50:56) Hyper-V (00-15-5D), each one uses a unique OUI and I'd like to autotag as HyperVisor="x" based on the OUI. And do something similar for the DHCP option such as OS="x" based on the FINGERPRINT log but I'd like the import the database once a month instaed on modifying many extractors.
-- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/76c5d138-c66e-4c6c-a6ef-1e0821f8b154%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
