I have just started to use Graylog to alert on one of my client’s networks.
I have set up various basic alerts for things like failed logon attempts.
Currently my emails are being severely spammed. How can I fine-tune the alert to only display potentially malicious logon attempts instead of the false positives?
Any advice would be much appreciated.