SIEM use case creation with Graylog ( republished)


(Anas) #1

Source ( Topic of sathishdsgithub, i have the same problem or question )

Hello all,

I would like to know the possibilities of creating SIEM use-cases with Gray log. I have specified some of the use-case names as shown below. We have created some alerts using the Aggregator plugin. However, there are some limitations using the aggregator plugin, we are able to create a query based on the source parameter.

Suppose if I want to create a use-case for “multiple sources trying to scan the single destination host on random ports” which is not possible with Aggregator plugin. Please let us know is there any plugins or options available for creating different SIEM use cases

TCP ACK Scan
TCP ACK PUSH Scan
TCP SYN SCAN
TCP Connect Scan (Plain Vanilla)
Ping Sweep
Large DNS response
Port Scan

Cheers
Anax


(system) #2

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.