Advanced alerting

Any plans to implement some advanced alerting features in graylog2? E.g. I have logs with IP addresses, user IDs and URLs. I want to get an alert if within 15 minutes any userid accesses a certain URL from different IP addresses. In this case I want to track down users who share their credentials with other people. Another example: I have proxy logs. I want to get an alert if someone accessed some URL without accessing images, CSS and JavaScript during 1 minute. This alert would catch all kinds of wget and curl downloads.
  • Matt Maloney
  • Apr 4 2017
  • Planned
  • Rene W commented
    April 4, 2017 20:50

    It sounds great, because I am searching for a possibility to get an alert on brute-force attempts, like IP x tried y times on URL z in a certain timespan.

  • Ahmad Nik commented
    April 4, 2017 20:50

    It would be great to add something like a correlation engine. It's very useful.

  • Admin
    Lennart Koopmann commented
    April 7, 2017 21:13

    Confirming that this will be available in Graylog v3.0, which is planned for the end of 2017.

  • Adi Rawa commented
    January 7, 2018 04:32

    Does anybody know when this feature or Graylog 3.0 will be released? I know teal just released the 2.4 but it seems a long way till the next increment.

  • Martin W commented
    March 27, 2018 02:12

    There are some really interesting use cases to detect malicious activity just by correlating sequences of events within a configurable timeframe. It would be great if Graylog would facilitate that.
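
The first rule in the original request (one user ID reaching a watched URL from different IP addresses within 15 minutes) can be expressed as a sliding-window correlation. This is an added example, not Graylog code or anything posted in the thread; the log line layout, the sample lines and the function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # correlation window from the request

# Constructed sample lines (assumed layout: timestamp user_id source_ip url)
SAMPLE_LOG = """\
2017-04-04T10:00:00 alice 198.51.100.7 /reports/q1
2017-04-04T10:05:00 bob 203.0.113.9 /reports/q1
2017-04-04T10:09:00 alice 192.0.2.44 /reports/q1
2017-04-04T10:40:00 bob 203.0.113.50 /reports/q1
2017-04-04T10:41:00 carol 192.0.2.10 /index
2017-04-04T10:42:00 carol 192.0.2.11 /index
"""


def parse(line):
    """Split one line of the assumed layout into typed fields."""
    ts, user, ip, url = line.split()
    return datetime.fromisoformat(ts), user, ip, url


def shared_credential_alerts(lines, watched_urls, window=WINDOW):
    """Return alerts where one user ID hits a watched URL from more than
    one source IP inside `window`. Lines must be in time order."""
    recent = defaultdict(deque)  # (user, url) -> deque of (timestamp, ip)
    alerts = []
    for line in lines:
        ts, user, ip, url = parse(line)
        if url not in watched_urls:
            continue
        hits = recent[(user, url)]
        # Evict hits that have fallen out of the window before comparing.
        while hits and ts - hits[0][0] > window:
            hits.popleft()
        hits.append((ts, ip))
        ips = sorted({hit_ip for _, hit_ip in hits})
        if len(ips) > 1:
            alerts.append((ts.isoformat(), user, url, ips))
    return alerts


if __name__ == "__main__":
    for alert in shared_credential_alerts(SAMPLE_LOG.splitlines(), {"/reports/q1"}):
        print(alert)
```

In the sample, bob also appears from two addresses, but 35 minutes apart, so the first hit is evicted before the second is compared and no alert is raised.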