airbus-cyber / graylog-plugin-correlation-count

Alert condition plugin for Graylog to perform correlation

Simplify the calculation of the events period in case of a catch up window #30

Closed frantz45 closed 1 year ago

frantz45 commented 2 years ago

Due to a Graylog bug (https://github.com/Graylog2/graylog2-server/issues/13061), the current code corresponding to the calculation of the period of the events which triggered a rule is quite complex. When this Graylog bug is fixed, it would be nice to simplify this code.

frantz45 commented 1 year ago

I've tested with CorrelationCount v5.1.0 and I confirm it triggers alerts as expected in case of a catch up window. (test: send logs in the future, stop graylog for some minutes, start graylog and check if alerts trigger)