Hi Ajay,
Even I'm worried about this feature. If we cannot pass variables between
different rules or pipelines, we cannot achieve correlation. We should have a
feature to create global variables which can communicate between different
rules or pipelines. This marks a major difference between traditional SIEM
tools and search tools. Please let me know if you come across any solution
for this issue.
Thanks and Regards,
BHANU PRASAD K.
On Sunday, September 4, 2016 at 2:51:02 PM UTC+5:30, Ajay Kumar wrote:
>
> Hi All,
>
> I am learning Graylog to use as a SIEM solution. As per my knowledge, we
> can use only the pipeline processor feature for the below scenario:
>
> Alert when 5 authentication failures followed by a successful logon by
> that same origin login
>
> I have gone through the document but am unable to understand how to achieve this.
>
> I would appreciate if someone can help me.
>
> Regards,
>
> Jay
>
>
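The correlation asked about in this thread (5 authentication failures followed by a successful logon from the same origin) needs state that persists across events. The sketch below is an added example, not part of the original messages and not Graylog code; it shows that state as a stand-alone Python correlator. The 300-second window, the event tuple layout, the function name and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

FAIL_THRESHOLD = 5     # failures required before a success is suspicious
WINDOW_SECONDS = 300   # assumed correlation window; the thread gives none


def correlate(events, threshold=FAIL_THRESHOLD, window=WINDOW_SECONDS):
    """Return one alert per success that follows >= threshold failures
    from the same origin within `window` seconds.

    events: (epoch_seconds, origin, outcome) tuples in time order,
    where outcome is "failure" or "success".
    """
    failures = defaultdict(deque)  # per-origin state carried between events
    alerts = []
    for ts, origin, outcome in events:
        recent = failures[origin]
        # Expire failures that fell out of the window, so slow background
        # noise never accumulates into an alert.
        while recent and ts - recent[0] > window:
            recent.popleft()
        if outcome == "failure":
            recent.append(ts)
        elif outcome == "success":
            if len(recent) >= threshold:
                alerts.append({"origin": origin, "time": ts,
                               "failures": len(recent),
                               "first_failure": recent[0]})
            del failures[origin]   # a logon resets the streak and frees state
    return alerts


# Constructed sample events (not real logs), sorted by timestamp.
SAMPLE_EVENTS = sorted(
    # 5 quick failures then a success: should alert
    [(t, "10.0.0.5", "failure") for t in (0, 10, 20, 30, 40)]
    + [(50, "10.0.0.5", "success")]
    # only 4 failures before the success: below threshold
    + [(t, "10.0.0.9", "failure") for t in (5, 15, 25, 35)]
    + [(45, "10.0.0.9", "success")]
    # 6 failures, but only 4 fall inside the window at logon time
    + [(t, "10.0.0.7", "failure") for t in (0, 60, 120, 180, 240, 400)]
    + [(410, "10.0.0.7", "success")]
)

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The `failures` dictionary is the shared, per-origin state the reply above describes as missing when rules cannot pass variables to each other.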
--
You received this message because you are subscribed to the Google Groups
"Graylog Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/graylog2/61678844-d03d-464a-8014-f07dd3e678e2%40googlegroups.com.