Reference a known malicious CSV list of I.P Addresses

Hi, is it possible to reference a list on graylog. what i want to do is to compare my source addresses with a list of known malicious addresses i already have on a CSV file. In short, what i want to do is check if my source addresses are accessing any of the malicious addresses.


Thanks, i have read about it and i just tried implementing it. but it aint working still. Pls what exactly is wrong? Below are the screenshots

  1. screenshot of the csv file


  1. Data Adapter

  2. Look up table


What’s the actual content of the file?

suspected malicious i.p addresses and i have close to 2000 rows.

For the Quote Character field, i used a space. whereas, the next i.p to check is on the next line. hope it isnt wrong?

Please provide examples. And a screenshot of Excel is not an example.

Just leave the default value (double quote).

Maybe for clarification:

The Lookup is a Key-Value lookup. In your case could be the value a second column that just contains “true” or what ever indicate. Then you can lookup the IP in the ipaddr column and the value need to be read from a second column. Having the key and the value in the same is currently not supported by the csv lookup adapter.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.