Is it possible to get individual IP address count from different sources to my server (Packetbeat installed)?

I am using "Packetbeat" for my project, which is related to DoS (Denial of Service) attacks. Is it possible to make "Packetbeat" store unique IP addresses (from different sources) along with some parameters --> count in real time? Based on that, detecting and alerting stuff.

You can use a cardinality aggregation in Elasticsearch to count the number of unique IP addresses.
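The cardinality aggregation suggested above, shown as an added example that is not part of the original thread or Elastic's own code: it builds a search body that counts unique source IPs per minute and lists the busiest sources, then checks a response against thresholds. It assumes the ECS field names `source.ip` and `@timestamp` used by Packetbeat 7.x and later; the function names, thresholds and sample response are hypothetical and constructed.

```python
import json

# Assumptions: ECS field names used by Packetbeat 7.x+ ("source.ip",
# "@timestamp"); thresholds and function names are hypothetical.

def build_query(window="now-5m", interval="1m", top_n=5):
    """Search body: per-interval unique-source count plus top talkers."""
    return {
        "size": 0,
        "query": {"range": {"@timestamp": {"gte": window}}},
        "aggs": {"per_interval": {
            "date_histogram": {"field": "@timestamp", "fixed_interval": interval},
            "aggs": {
                "unique_sources": {"cardinality": {"field": "source.ip"}},
                "top_sources": {"terms": {"field": "source.ip", "size": top_n}},
            },
        }},
    }

def find_alerts(response, max_unique=1000, max_per_ip=5000):
    """Return (time, reason, value) tuples for buckets over a threshold."""
    alerts = []
    for b in response["aggregations"]["per_interval"]["buckets"]:
        when = b["key_as_string"]
        unique = b["unique_sources"]["value"]
        if unique > max_unique:
            alerts.append((when, "many distinct sources", unique))
        for src in b["top_sources"]["buckets"]:
            if src["doc_count"] > max_per_ip:
                alerts.append((when, "heavy source " + src["key"], src["doc_count"]))
    return alerts

# Constructed sample response (not real traffic), documentation-range IPs.
SAMPLE_RESPONSE = {"aggregations": {"per_interval": {"buckets": [
    {"key_as_string": "2024-01-01T10:00:00.000Z", "doc_count": 900,
     "unique_sources": {"value": 40},
     "top_sources": {"buckets": [{"key": "192.0.2.10", "doc_count": 120}]}},
    {"key_as_string": "2024-01-01T10:01:00.000Z", "doc_count": 90000,
     "unique_sources": {"value": 4200},
     "top_sources": {"buckets": [{"key": "198.51.100.7", "doc_count": 7000},
                                 {"key": "192.0.2.10", "doc_count": 130}]}},
]}}}

if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))  # body for POST packetbeat-*/_search
    for alert in find_alerts(SAMPLE_RESPONSE):
        print(alert)
```

The cardinality aggregation returns an approximate count, so thresholds should leave some margin rather than rely on an exact number of distinct addresses.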

Thanks for the quick reply, Mr. Andrewkroh, I will go through it 🙂
