[graylog2] Re: How to use pipeline

2016-10-18 Thread Bhanu prasad
Hi Ajay,

Even I'm worried about this feature. If we cannot pass variables between 
different rules or pipelines, we cannot achieve correlation. We should have 
a feature to create global variables which can communicate between different 
rules or pipelines. This marks a major difference between traditional SIEM 
tools and search tools. Please let me know if you come across any solution 
for this issue.

Thanks and Regards,
BHANU PRASAD K.

On Sunday, September 4, 2016 at 2:51:02 PM UTC+5:30, Ajay Kumar wrote:
>
> Hi All,
>
> I am learning Graylog to use as a SIEM solution. As per my knowledge, we 
> can use only the pipeline processor feature for the scenario below:
>
> Alert when 5 authentication failures are followed by a successful logon by 
> that same origin login
>
> I have gone through the document but am unable to understand how to achieve this.
>
> I would appreciate if someone can help me.
>
> Regards,
>
> Jay
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/61678844-d03d-464a-8014-f07dd3e678e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
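
The correlation asked about in this thread (5 authentication failures followed by a successful logon from the same origin) needs state kept per origin across messages, which is what the posters find missing from pipeline rules. An added example, not part of the thread and not Graylog code, showing that state in Python; the event tuple layout, the 10-minute window and the sample events are assumptions constructed here.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # failures before the success, as in the question
WINDOW = timedelta(minutes=10)   # assumption: the thread gives no time window

T0 = datetime(2016, 9, 4, 9, 0, 0)

def ev(sec, origin, outcome):
    """Build one constructed event: (timestamp, origin, outcome)."""
    return (T0 + timedelta(seconds=sec), origin, outcome)

# Constructed sample input (documentation-range addresses, not real logs).
SAMPLE = (
    [ev(i * 10, "192.0.2.10", "failure") for i in range(5)]      # 5 quick failures
    + [ev(60, "192.0.2.10", "success")]                          # -> alert
    + [ev(i * 10, "192.0.2.20", "failure") for i in range(4)]    # only 4 failures
    + [ev(60, "192.0.2.20", "success")]                          # -> no alert
    + [ev(i * 300, "192.0.2.30", "failure") for i in range(5)]   # 5 failures, too slow
    + [ev(1260, "192.0.2.30", "success")]                        # -> no alert
)

def correlate(events, threshold=THRESHOLD, window=WINDOW):
    """Alert on a success preceded by >= threshold failures from the same origin."""
    failures = defaultdict(deque)    # per-origin state: timestamps of recent failures
    alerts = []
    for ts, origin, outcome in sorted(events):
        recent = failures[origin]
        while recent and ts - recent[0] > window:   # expire failures outside the window
            recent.popleft()
        if outcome == "failure":
            recent.append(ts)
        elif outcome == "success":
            if len(recent) >= threshold:
                alerts.append({"origin": origin, "failures": len(recent),
                               "first_failure": recent[0], "success_at": ts})
            recent.clear()           # a success ends the sequence for this origin
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```

The per-origin deque is the "variable shared between messages" the thread asks for; without a window the counter would never expire and a slow trickle of failures would eventually alert.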


Re: [graylog2] Re: How to use pipeline

2016-09-09 Thread Jan Doberstein
Hej Jay,

> I am aware of this plugin but with this I won't be able to do message routing 
> to various streams and customize email alerts or post it to HTTP callback links.

No currently available plugin would help you with this, but you can develop it 
or pay someone.



/jd



Re: [graylog2] Re: How to use pipeline

2016-09-08 Thread Ajay Kumar
Thanks Jan.

I am aware of this plugin but with this I won't be able to do message 
routing to various streams and customize email alerts or post it to HTTP 
callback links.


On Thursday, September 8, 2016 at 12:44:45 PM UTC+5:30, Jan Doberstein 
wrote:
>
> Hej Jay,
>
> > I believe at the moment, the pipeline doesn't offer an aggregation feature, which 
> > is a must to achieve this. 
> > I would appreciate it if anyone knows any workaround to achieve this.
>
>
> Maybe this Plugin can help you with the task: 
> https://marketplace.graylog.org/addons/0d01a899-138a-4f77-a9e7-04be4cc5e190
>
> regards
> /jd
>



Re: [graylog2] Re: How to use pipeline

2016-09-08 Thread Jan Doberstein
Hej Jay,


> I believe at the moment, the pipeline doesn't offer an aggregation feature, which is 
> a must to achieve this.
> I would appreciate it if anyone knows any workaround to achieve this.

Maybe this Plugin can help you with the task: 
https://marketplace.graylog.org/addons/0d01a899-138a-4f77-a9e7-04be4cc5e190

regards
/jd



[graylog2] Re: How to use pipeline

2016-09-05 Thread Ajay Kumar
I believe at the moment, the pipeline doesn't offer an aggregation feature, which 
is a must to achieve this.
I would appreciate it if anyone knows any workaround to achieve this.

On Sunday, September 4, 2016 at 2:51:02 PM UTC+5:30, Ajay Kumar wrote:
>
> Hi All,
>
> I am learning Graylog to use as a SIEM solution. As per my knowledge, we 
> can use only the pipeline processor feature for the scenario below:
>
> Alert when 5 authentication failures are followed by a successful logon by 
> that same origin login
>
> I have gone through the document but am unable to understand how to achieve this.
>
> I would appreciate if someone can help me.
>
> Regards,
>
> Jay
>
>
