Since I installed the last update, every 5 minutes I am seeing requests to torproject on my ubuntu server
where I am running graylog server.
My IDS is raising the following alert:
ET POLICY check.torproject.org IP lookup/Tor Usage
When I stop graylog-server there are no more requests and alerts.
I have downloaded the pcap file from the above alert and there is some information about certificat:
This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/0
I am using graylog with TLS enabled
==> Do graylog uses letsencrypt? Do graylog makes requests to specific servers?