We are currently on version 2.4. We are sending logs to Graylog server from our windows / linux clients.
Based on the events that it is collecting, Is there any way to get alerted on stuff like "multiple login failures " or “brute force login attempts” when someone fat fingers their password or keeps guessing password while trying to login to those clients?
I understand Graylog is not a SIEM but can it be configured to alert on such security events ?
If so, how do we go about it ?
Thank you in advance.