I’d love to write some custom plugins for my Graylog in order to do some extra correlations outside of the JVM (for performance reasons).
I’m aware that Java is currently the only supported language to accomplish this with, but was wondering if writing non-Java plugins could be supported further down the road.
In anticipation of the question “why”, I’ll say that I can’t think of any other feasible way to correlate high volume logs (dns/firewall) in near-real-time against the tens of thousands of OSINT indicators that I pull in daily.
I’m aware that I can pull the data directly from Elasticsearch’s API, and then do offline correlations, but I’d prefer to keep my correlation logic consolidated to Graylog if possible.
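One way to do the out-of-JVM correlation the post describes, as an added example that is not the poster's code or Graylog's: the indicator feed, the message field names and the sample messages are constructed assumptions, and in practice the messages would be fetched from the Elasticsearch or Graylog search API instead of a literal list.

```python
import ipaddress
import json

# Constructed sample indicators (hypothetical feed, not real IoCs).
INDICATORS = {"domains": ["bad.example", "evil-cdn.example"],
              "ips": ["198.51.100.23", "203.0.113.0/24"]}

# Constructed messages in a Graylog-like JSON shape; field names are assumed.
SAMPLE_MESSAGES = [
    '{"source":"dns1","query":"www.bad.example.","client":"10.0.0.5"}',
    '{"source":"dns1","query":"example.org","client":"10.0.0.6"}',
    '{"source":"fw1","src_ip":"10.0.0.7","dst_ip":"203.0.113.77"}',
    '{"source":"fw1","src_ip":"10.0.0.8","dst_ip":"192.0.2.1"}',
]

def domain_hit(query, domains):
    # Check the name and every parent suffix (www.bad.example -> bad.example),
    # stopping before the bare TLD so a top-level label alone never matches.
    labels = query.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None

def ip_hit(addr, networks):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return next((str(n) for n in networks if ip in n), None)

def correlate(messages, indicators):
    # Returns (source, field, value, indicator) per match; normalises the
    # indicator set once, then each message costs a few set/network lookups.
    domains = {d.lower().rstrip(".") for d in indicators["domains"]}
    networks = [ipaddress.ip_network(n, strict=False) for n in indicators["ips"]]
    hits = []
    for raw in messages:
        msg = json.loads(raw)
        m = domain_hit(msg.get("query", ""), domains)
        if m:
            hits.append((msg["source"], "query", msg["query"], m))
        for field in ("src_ip", "dst_ip"):
            m = ip_hit(msg.get(field, ""), networks)
            if m:
                hits.append((msg["source"], field, msg[field], m))
    return hits
```

Swapping the plain `set` for a Bloom filter or a compiled suffix trie is the usual next step once the domain list grows into the tens of thousands, but the per-message cost is already independent of the indicator count.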