Bulk Searches and Plugins


#1

Good Morning All,
I would like to know if there is a way to do bulk searches, instead of having to enter each IP one by one (I have over 300).
Also, is there some sort of way or plugin that would enable me to find connections made to a specific website? As of now I am only collecting logs from Windows Event Log and Cisco ASA.
Thanks


#2

I really need this, thanks


(Jan Doberstein) #3

This kind of bulk search is not possible in Graylog. The only option would be to create a script/program that uses the Graylog API to search with your list.

To see if a specific website was connected to, you need data that gives you that knowledge. The first indication would be that someone requested that website's domain via DNS. The second would be a connection to the IP that is behind it. But finally, you would need to do deep packet inspection (and query on this data) to be sure that someone connected to it.

Do you have all that data in your Graylog?
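A sketch of the script approach described in the reply above, added here as an example and not code from the thread or from the Graylog project. It validates each list entry as an IP literal so nothing in the file can alter the Lucene query, then batches the list into OR-queries for the legacy `/api/search/universal/relative` endpoint. Assumptions: the field names `src_ip` and `dst_ip`, the host `graylog.example.org:9000`, the `/api` path prefix and a Graylog version that still offers this endpoint; the sample IPs are constructed.

```python
import base64, ipaddress, json
import urllib.parse, urllib.request

def load_ips(lines):
    """Validate and de-duplicate; non-IP entries raise ValueError."""
    seen, ips = set(), []
    for raw in lines:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        ip = str(ipaddress.ip_address(text))
        if ip not in seen:
            seen.add(ip)
            ips.append(ip)
    return ips

def build_queries(ips, fields=("src_ip", "dst_ip"), batch=50):
    """One OR-query per batch; values are quoted because ':' (IPv6) is Lucene syntax.
    The field names are assumptions, use whatever your extractors produce."""
    queries = []
    for i in range(0, len(ips), batch):
        values = " OR ".join(f'"{ip}"' for ip in ips[i:i + batch])
        queries.append(" OR ".join(f"{f}:({values})" for f in fields))
    return queries

def search_url(base, query, range_s=86400, limit=150):
    """Relative search over the last range_s seconds."""
    params = {"query": query, "range": range_s, "limit": limit}
    return f"{base.rstrip('/')}/api/search/universal/relative?" + urllib.parse.urlencode(params)

def run_search(base, token, query):
    """Call Graylog with an API access token (token as user, literal 'token' as password)."""
    req = urllib.request.Request(search_url(base, query))
    auth = base64.b64encode(f"{token}:token".encode()).decode()
    req.add_header("Authorization", f"Basic {auth}")
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return [m["message"] for m in json.load(resp)["messages"]]

# Constructed sample list (documentation address ranges), normally read from a file.
SAMPLE = ["192.0.2.10", " 198.51.100.7 ", "192.0.2.10", "2001:db8::1", ""]

if __name__ == "__main__":
    for q in build_queries(load_ips(SAMPLE), batch=2):
        print(search_url("https://graylog.example.org:9000", q))
```

Only `run_search` touches the network; the batch size keeps each URL well below typical request-line limits for a 300-entry list.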

