I would like to combine results from the same IP address. So lets say someone tries to do a brute force attack and after 20 attempts he found the correct password and can login. I would like to combine this login failures with the login accepted without adding an IP address in my query.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Graylog Research | 3 | 625 | March 27, 2018 | |
| What is best practise to correlation between brute forces and succcessful login in future | 2 | 455 | October 16, 2018 | |
| error when creating searches | 1 | 436 | March 13, 2018 | |
| Single Login, Multple IP addresses | 3 | 753 | October 22, 2018 | |
| Same field answer | 8 | 288 | February 16, 2023 |