I'm not sure how Graylog will help me here and need your insights on this. Or if someone has already implemented something similar, could you give me feedback?
I have a honeypot set up at the perimeter level which has ELK, hence I am wondering if I could send output from that Logstash to Graylog, then set up a stream and an HTTP callback action to the firewall API to block the hosts on the fly. That is, assuming any IP hits my honeypot more than 5 times, it will send an HTTP API call to the firewall to block the IP.
Can we achieve something similar?
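
The threshold rule described above, as an added example that is not part of the original post: it counts honeypot hits per source IP in a sliding window, skips allowlisted and malformed sources so the callback cannot block your own ranges, and builds the request body for the firewall. The window length, allowlist, event tuples and firewall JSON fields are all assumptions; no real Graylog or firewall API is used.

```python
import ipaddress
from collections import defaultdict, deque

THRESHOLD = 5     # from the post: block an IP that hits more than 5 times
WINDOW_S = 600    # assumed counting window; the post does not give one
# Assumed allowlist: ranges the callback must never block (own networks, scanners).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

def is_allowlisted(ip):
    addr = ipaddress.ip_address(ip)   # raises ValueError on a malformed field
    return any(addr in net for net in ALLOWLIST)

def ips_to_block(events, threshold=THRESHOLD, window_s=WINDOW_S):
    """events: (epoch_seconds, src_ip) tuples in time order.
    Returns each offending IP once, in the order it crossed the threshold."""
    recent = defaultdict(deque)       # per-IP timestamps still inside the window
    blocked = []
    for ts, ip in events:
        try:
            if is_allowlisted(ip):
                continue
        except ValueError:
            continue                  # ignore events whose source is not an IP
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window_s:
            hits.popleft()            # drop hits that aged out of the window
        if len(hits) > threshold and ip not in blocked:
            blocked.append(ip)
    return blocked

def block_request(ip, ttl_s=3600):
    # Hypothetical firewall API body; a TTL keeps stale blocks from piling up.
    return {"action": "block", "address": ip, "ttl_seconds": ttl_s,
            "reason": "honeypot-threshold"}

# Constructed sample events (documentation address ranges), not real logs.
SAMPLE_EVENTS = sorted(
    [(1000 + i * 10, "203.0.113.7") for i in range(6)]      # 6 hits: block
    + [(1000 + i * 10, "198.51.100.4") for i in range(5)]   # exactly 5: no block
    + [(1000 + i, "10.1.2.3") for i in range(10)]           # allowlisted
    + [(1000 + i * 400, "203.0.113.99") for i in range(6)]  # too spread out
    + [(1005, "not-an-ip")]                                 # malformed source
)

if __name__ == "__main__":
    for ip in ips_to_block(SAMPLE_EVENTS):
        print(block_request(ip))
```
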