How to test Threat Intel feature

Hi There,

I am new to Graylog. I am testing the Threat Intel feature. I created a pipeline and rules for src ip, dest ip and domain.

Referring: https://www.graylog.org/post/integrating-threat-intelligence-into-graylog-3

After following this article, I tried to search with the field ‘src_addr_threat_indicated’ but it doesn’t appear in the search field. Anything I am missing?

Another thing, how to test it? From where can I know the domain and IP database of threat intel so I can initiate traffic to those destinations just to see if it matches and generates alerts?
