Hi There,
I am new to Graylog. I am testing the Threat Intel feature. I created a pipeline and rules for src ip, dest ip and domain.
Referring: https://www.graylog.org/post/integrating-threat-intelligence-into-graylog-3
After following this article, I tried to search with the field ‘src_addr_threat_indicated’ but it doesn’t appear in the search field. Anything I am missing?
Another thing, how to test it? From where can I know the domain and IP database of threat intel so I can initiate traffic to those destinations just to see if it matches and generates alerts?