What is mean of srcip threat indicated AND srcip threat indicated spamhaus


#1

Hello member

What is mean of srcip_threat_indicated AND srcip_threat_indicated_spamhaus

My graylog server is enable threat intelligence we found log can detected false and true value of srcip_threat_indicated and srcip_threat_indicated_spamhaus

I checked IP is false of srcip_threat_indicated fielded with www.abuseipdb.com. It’s found on that bad IP. and checked is True is same result.

2019-01-03%2010_17_11-Graylog%20-%20Search


#2

I following this https://www.graylog.org/post/integrating-threat-intelligence-with-graylog


(Jan Doberstein) #3

so you use something to analyze your messages and you did not know what the result is?

you should read why the IPs might be placed on the lists that are checked. Together with the knowledge what kind of messages you have you need to make your own conclusion what this mean for your environment.


#4

I’m confuse of values

srcip_threat_indicated
and
srcip_threat_indicated_spamhaus

Example srcip_threat_indicated is show False
srcip_threat_indicated_spamhaus is show False

I try to search on https://www.abuseipdb.com . These IP is Hacking IP


(system) #5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.