Hi,
I am trying to create a successful brute force attempts. For that I am writing a ruby code in logstash.
Is there any other method like writing a query in elasticsearch, so that I could meet the logic of the successful brute force attempt [Brute force attempt by a particular user on a particular IP]?
I have already created many filters in my logstash and I don't want to overload it. I have tried the query in kibana but I am not able to meet it there.
I am not sure why you'd want to write ruby in Logstash to achieve brute force detection.
I'd suggest taking a look at Elasticsearch Terms Aggregations combined with Alerting.
Also see this blog re portscan detection (logic can be adapted for failed bruteforce login).
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.