Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch

https://elastalert.readthedocs.org

Apache License 2.0

7.99k stars 1.73k forks source link

Open Jamyfreedom opened 3 years ago

Jamyfreedom commented 3 years ago

Creating Any rules to match if the IP range are NOT going to the specific destination IP range it will FIRE alert to email.

Version : 1.0

name: Any rule type: any index: graylog*

attach_related : TRUE

filter:

query: query_string: query: source-ip: "1.1.1.1/22" AND NOT (destination-ip: "2.2.2.2" OR "2.2.2.3" OR "2.2.3.4") AND NOT destination-port: "123"

alert: