How To Automate Cyber Threat Intel With Graylog and Greynoise. Auto Detect Malicious IPs!

8,914 views

Taylor Walton

1 day ago

Comments: 17

@Foxi352 2 years ago
This series is pure gold. Thank you very much for investing a lot of time in making it! 🍻

@taylorwalton_socfortress 2 years ago
Thanks for watching!

@luismontoya9925 1 year ago
It's so awesome, Taylor! The current community plan of Greylog just allows 50 IP lookups per week. I looked at prices: the basic plan costs $27,000 USD per year. Definitely I can't pay it, it's too much for me :C I hate to be poor lol

@mean779 2 years ago
Thank you

@taylorwalton_socfortress 2 years ago
Thanks for watching!

@Bobtb 8 months ago
Apparently this is no longer functional using Community API keys. This is the message I get in Graylog version 6.0.0: "Cannot perform lookup without a GreyNoise Enterprise subscription. Check API key and restart Data Adapter."

@eladdolev3507 2 years ago
Great video and great series, Taylor! I wonder about the Intel Enrichment part. In your original plan you used MISP & OpenCTI; have you now changed both to GreyNoise?

@taylorwalton_socfortress 2 years ago
Stay tuned :)

@MsRope93 2 years ago
Is it possible to do the same with OpenSearch instead of Graylog?

@taylorwalton_socfortress 2 years ago
If your logs are already stored within OpenSearch, you'd need to write a script that makes an API request to OpenSearch to collect the IPs, then loop through and submit the IPs to GreyNoise, and then make another API call to OpenSearch to PUT the new fields... much easier to do with Graylog :)

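The three-step loop described in the reply above, as an added example (not the video's or SOCFortress's code): pull documents that still lack a verdict from an OpenSearch index, query the GreyNoise community endpoint once per distinct IP, and write the result back with a partial `_update`. The OpenSearch URL, index name, field name and API key are placeholders, `fake_transport` is a constructed stand-in so the script runs offline, and the 404 handling matters because GreyNoise reports never-seen IPs as a 404 with a JSON body rather than an error.

```python
import json
import urllib.error
import urllib.request

GREYNOISE_COMMUNITY = "https://api.greynoise.io/v3/community/{ip}"

def http_json(method, url, body=None, headers=None):
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json", **(headers or {})})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # "not observed" is a verdict, not a failure
            return json.load(err)
        raise

def enrich_index(opensearch, index, ip_field, api_key, transport=http_json):
    """Look up each distinct IP in ip_field once, then write a 'greynoise' object onto every hit."""
    # 1. Only documents with an IP and no verdict yet, so re-runs do not spend lookup quota twice.
    query = {"size": 500, "_source": [ip_field], "query": {"bool": {
        "filter": [{"exists": {"field": ip_field}}],
        "must_not": [{"exists": {"field": "greynoise.classification"}}]}}}
    hits = transport("POST", f"{opensearch}/{index}/_search", query)["hits"]["hits"]
    verdicts = {}  # 2. one GreyNoise call per distinct IP (ip_field assumed to be top-level)
    for hit in hits:
        ip = hit["_source"].get(ip_field)
        if ip and ip not in verdicts:
            raw = transport("GET", GREYNOISE_COMMUNITY.format(ip=ip), headers={"key": api_key})
            verdicts[ip] = {"noise": bool(raw.get("noise")), "riot": bool(raw.get("riot")),
                            "classification": raw.get("classification") or "unknown"}
    for hit in hits:  # 3. partial _update keeps the document's other fields intact
        ip = hit["_source"].get(ip_field)
        if ip:
            transport("POST", f"{opensearch}/{index}/_update/{hit['_id']}",
                      {"doc": {"greynoise": verdicts[ip]}})
    return verdicts

# Constructed offline stand-in for both APIs: three hits, two distinct IPs, one unknown to GreyNoise.
def fake_transport(method, url, body=None, headers=None):
    if url.endswith("/_search"):
        docs = [("a", "198.51.100.7"), ("b", "203.0.113.9"), ("c", "198.51.100.7")]
        return {"hits": {"hits": [{"_id": i, "_source": {"src_ip": ip}} for i, ip in docs]}}
    if "greynoise" in url:
        return ({"noise": True, "riot": False, "classification": "malicious"} if url.endswith("198.51.100.7")
                else {"noise": False, "riot": False, "message": "IP not observed"})
    fake_transport.updates.append((url, body))
    return {"result": "updated"}
fake_transport.updates = []
```

Against a live cluster, call `enrich_index("http://opensearch:9200", "graylog_0", "src_ip", api_key)` with the default transport; the search filter makes it safe to run on a schedule.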
@eladdolev3507 2 years ago
@taylorwalton_socfortress Interesting point. Isn't it also the case, according to your SOC series, that Graylog is used for all normalisation and other functions, but then Graylog sends the logs for storage into the Wazuh Indexer?

@carlitoang9509 7 months ago
Can't use GreyNoise free anymore :( Graylog is asking for the subscription one

@miguelsaiz8151 2 years ago
Hi Taylor! I would like to work for you at SOCFortress

@virtual-riot 1 year ago
Hello my bro, nice to meet you, I hope you are well. Could you help me create an input for Office 365 audit logs on Graylog please? I have version 4.2

@quikmcw 2 years ago
But you can do all of this from within Wazuh and it is rather easy. Then you don't need to spin up another server and another server..... etc.

@taylorwalton_socfortress 2 years ago
Hey Michael, you definitely could! I just think Graylog makes it much easier when it comes to ingesting various log sources outside of Wazuh, log normalization, log routing and data caching, and it just gives us more freedom over our logs. Thanks for watching!

@kobramadani6588 9 months ago
Thank you