Sorry if this is in the wrong group!
Version 2.2.1
Is it possible to reference a static file, for the purposes of evaluating inbound data.
I.e, in our case, we would like to flag up any DNS requests which we perceive to be inappropriate.
We have a text file containing several hundred words. We simply want to match these to an extracted field.
Is that possible/on the agenda for a future release?
Many Thanks,
Tom
That’s currently not supported, although you can write a plugin providing the functionality.
We plan to provide a generic lookup functionality for processing pipelines in one of the next versions.
Hej @tomjcollins85
this might come up in a future version. currently this is not possible.
But you can build that yourself - if you like. Just by creating a processing pipeline function: https://www.graylog.org/blog/71-writing-your-own-graylog-processing-pipeline-functions
