Hello Team,
I have been using Graylog for the last couple of months and feel like Graylog is lacking on the following points:
Is it possible to have a dynamic lookup table instead of a static lookup, so that a field can be added into the lookup on the fly?
Multi-correlation for heterogeneous devices based on srcip or usernames, like commercial SIEMs have nowadays?
Can you use a lookup table in the rules?
I am facing challenges in creating some advanced rules because of the above points. Let me know if it's possible to have such flexibility in Graylog.