What is the meaning of srcip_threat_indicated and srcip_threat_indicated_spamhaus


Hello members,

What is the meaning of srcip_threat_indicated and srcip_threat_indicated_spamhaus?

My Graylog server has threat intelligence enabled. We found that logs can show false and true values for srcip_threat_indicated and srcip_threat_indicated_spamhaus.

I checked an IP whose srcip_threat_indicated field is false with www.abuseipdb.com. It is found there as a bad IP. I also checked one that is True, and the result is the same.



I am following this: https://www.graylog.org/post/integrating-threat-intelligence-with-graylog

(Jan Doberstein) #3

So you use something to analyze your messages and you do not know what the result is?

You should read why the IPs might be placed on the lists that are checked. Together with the knowledge of what kind of messages you have, you need to draw your own conclusion about what this means for your environment.


I’m confused by the values.


Example: srcip_threat_indicated shows False
srcip_threat_indicated_spamhaus shows False

I tried searching on https://www.abuseipdb.com. These IPs are hacking IPs.
