I would like to combine results from the same IP address. So let's say someone tries to do a brute force attack and after 20 attempts he found the correct password and can log in. I would like to combine these login failures with the login accepted without adding an IP address in my query.
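The correlation asked about above, sketched as an added example that is not part of the original post and runs in Python outside Graylog: it groups authentication events by source IP without naming any address in advance and reports an accepted login preceded by at least 20 failures from the same IP. The OpenSSH-style log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches OpenSSH-style auth lines; this log format is an assumption.
AUTH_RE = re.compile(
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def correlate(lines, threshold=20):
    """Return one finding per accepted login that follows at least
    `threshold` failures from the same source IP. No IP is named in
    advance: every address seen in the input gets its own counter."""
    failures = defaultdict(int)  # ip -> failures since that IP's last success
    findings = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # not an authentication event
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
            continue
        if failures[ip] >= threshold:
            findings.append(
                {"ip": ip, "user": m["user"], "failed_before": failures[ip]}
            )
        failures[ip] = 0  # a success ends the failure streak for that IP
    return findings

def sample_lines():
    """Constructed sample input using documentation-range addresses."""
    def line(result, user, ip, n):
        return (f"Mar 13 10:00:{n:02d} host sshd[{1000 + n}]: "
                f"{result} password for {user} from {ip} port {40000 + n} ssh2")
    out = [line("Failed", "root", "203.0.113.7", n) for n in range(20)]
    out.append(line("Failed", "alice", "198.51.100.4", 20))    # one typo ...
    out.append(line("Accepted", "alice", "198.51.100.4", 21))  # ... then success
    # Many failures from a third address that never logs in.
    out += [line("Failed", "invalid user admin", "192.0.2.9", 22 + n)
            for n in range(25)]
    out.append(line("Accepted", "root", "203.0.113.7", 47))
    return out

if __name__ == "__main__":
    for finding in correlate(sample_lines()):
        print(finding)
```

The counter is a streak per IP with no time window, so failures spread over a long period still count; bounding it by timestamp would be a further refinement.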