Why not use the translate filter in LS to add a field based on these IPs
(e.g. alertableIP: true) and then run a percolator query?
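As an added illustration of the approach suggested above (this is not code from either poster), here is what a Logstash translate filter doing that lookup could look like. It assumes the SSH event's client address has already been parsed into a field called src_ip (hypothetical name), that the ThreatConnect IPs have been pulled out of the API into an inline dictionary (the addresses below are constructed RFC 5737 documentation addresses, not real indicators), and uses the field/destination option names of the 2015-era translate filter; newer releases call these source/target.

```logstash
filter {
  # Look up the client IP in the threat dictionary and, on a hit, set
  # alertableIP. Events whose IP is not listed get the fallback value,
  # so the field is always present and can be queried either way.
  translate {
    field           => "src_ip"        # assumed: field holding the SSH client address
    destination     => "alertableIP"
    exact           => true            # whole-value match, no substring/regex
    override        => true
    fallback        => "false"
    # Constructed sample dictionary standing in for the ThreatConnect
    # export; in practice use dictionary_path with a YAML file regenerated
    # from the API, and refresh_interval to have Logstash reload it.
    dictionary      => {
      "203.0.113.5"    => "true"
      "198.51.100.77"  => "true"
    }
  }

  # Optional: tag matches so a percolator query or an output conditional
  # can pick them up without re-checking the IP.
  if [alertableIP] == "true" {
    mutate { add_tag => [ "threat_ip" ] }
  }
}
```

With the field in place, the percolator side is just a registered query on alertableIP:true (or tags:threat_ip); each indexed SSH event is then checked against it and the matching ones can drive the alert. One caveat: the dictionary values are strings, so compare against "true" rather than a boolean, and keep the IP normalised (no port suffix, no IPv4-mapped prefix) on both sides or exact matching will silently miss.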
On 30 April 2015 at 01:24, Chris Adams chrisadam...@gmail.com wrote:
Folks...
Looking for suggestions here on approach for a simple use case.
I have ELK up and running monitoring SSH connections to a server. I also
use ThreatConnect which provides IP addresses (IPs of hosts that bad people
use) that I query via a RESTful API. I DO NOT have any of the threat