I am looking to use the ELK stack as an intrusion detection system (IDS). I'm new to ELK and it is my first setup of an IDS.
ELK stack version: 6.8.4
A pfSense syslog file looks like the following:
Inside this message there are two IP addresses. The first one is the source of the "attack" and the second one is the destination, where the hacker wants to go. Now I want to filter the log so that I'm able to count how many attacks are coming from an address.
If you need some additional information, please write to me. I don't post the actual config directly here because of spam. I did the ELK stack setup with the following guide:
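As an added example (not part of the question, and not pfSense or Elastic code), the following Python mirrors what a Logstash `csv`/`dissect` filter would do: it splits the pfSense `filterlog` CSV payload, pulls out the source and destination addresses, and counts inbound blocked events per source. The field layout is an assumption based on the documented pfSense filterlog format, and the log lines are constructed samples.

```python
"""Count pfSense firewall block events per source address from syslog lines."""
import re
from collections import Counter

# Assumed pfSense "filterlog" CSV layout: rule,sub-rule,anchor,tracker,iface,
# reason,action,direction,ip-version,... (IPv4 and IPv6 use different positions).
FILTERLOG_RE = re.compile(r"filterlog(?:\[\d+\])?:\s*(?P<csv>.+)$")

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOGS = """\
Dec  5 10:11:12 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,1,0,DF,6,tcp,60,198.51.100.23,192.0.2.10,51234,22,0,S,1:1,,1024,,mss
Dec  5 10:11:13 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,2,0,DF,6,tcp,60,198.51.100.23,192.0.2.10,51235,23,0,S,1:1,,1024,,mss
Dec  5 10:11:14 pfsense filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,63,3,0,none,17,udp,78,203.0.113.7,192.0.2.10,4444,161,58
Dec  5 10:11:15 pfsense filterlog: 90,,,1000000090,em0,match,pass,out,4,0x0,,64,4,0,DF,6,tcp,60,192.0.2.10,198.51.100.5,40000,443,0,S,1:1,,1024,,mss
Dec  5 10:11:16 pfsense filterlog: 5,,,1000000103,em0,match,block,in,6,0x00,0x00000,64,tcp,6,60,2001:db8::bad,2001:db8::1,5555,22,0,S,1:1,,1024,,mss
Dec  5 10:11:17 pfsense sshd[123]: Accepted publickey for admin from 192.0.2.50
"""


def parse_filterlog(line):
    """Return action, direction, protocol, src and dst for a filterlog line, else None."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None  # not a firewall event (e.g. sshd, dhcpd)
    f = m.group("csv").split(",")
    if len(f) < 9:
        return None
    ip_version = f[8]
    if ip_version == "4" and len(f) >= 20:
        # IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto-text,length,src,dst
        proto, src, dst = f[16], f[18], f[19]
    elif ip_version == "6" and len(f) >= 17:
        # IPv6: class,flow-label,hop-limit,proto-text,proto-id,length,src,dst
        proto, src, dst = f[12], f[15], f[16]
    else:
        return None
    return {"action": f[6], "direction": f[7], "proto": proto, "src": src, "dst": dst}


def count_blocked_by_source(log_text):
    """Count inbound 'block' events per source address (the 'attacker' count)."""
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_filterlog(line)
        if ev and ev["action"] == "block" and ev["direction"] == "in":
            counts[ev["src"]] += 1
    return counts


if __name__ == "__main__":
    for src, n in count_blocked_by_source(SAMPLE_LOGS).most_common():
        print(f"{src}: {n} blocked inbound events")
```

In Kibana the same count is a terms aggregation on the extracted source-address field once Logstash has split the CSV into named fields.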