What is the meaning of srcip_threat_indicated and srcip_threat_indicated_spamhaus?
My Graylog server has threat intelligence enabled. We found that the logs show both false and true values for srcip_threat_indicated and srcip_threat_indicated_spamhaus.
I checked an IP where the srcip_threat_indicated field is false against www.abuseipdb.com. It is found there as a bad IP. I also checked one where it is true, and the result is the same.
So you use something to analyze your messages and you did not know what the result is?
You should read why the IPs might be placed on the lists that are checked. Together with the knowledge of what kind of messages you have, you need to draw your own conclusion about what this means for your environment.