airbus-cyber / graylog-plugin-alert-wizard

Alert Wizard plugin for Graylog to manage the alert rules

Enhancement - Allow lists to use any lookup table #21

Open Sinagot opened 4 years ago

Sinagot commented 4 years ago

Hi,

To enhance the plugin, could it be possible for the lists to use a user-created lookup table? I mean, if I have a lookup table connected to a CSV or an HTTP JSON Path, it would be great to be able to include it as a list in the Wizard.

frantz45 commented 2 years ago

Good idea, we'll remove the actual list plugin to use Graylog lookup tables and improve them (check other issues related to Lists).

Actually we check if a rule uses a list and we deny the removal of this rule if it's the case (you need to remove the list to be allowed to remove the rule). Using Graylog lookup tables instead of our custom list, we'll lose this behavior, but if a rule uses a deleted lookup table we'll display the rule in red as "inconsistant" like it's the case if you remove the event definition linked to a wizard rule.