Apparently this is no longer functional using Community API keys. This is the message I get in Graylog version 6.0.0: "Cannot perform lookup without a GreyNoise Enterprise subscription. Check API key and restart Data Adapter."
It's so awesome, Taylor! The current community plan of Greylog only allows 50 IP lookups per week. I looked at prices; the basic plan costs $27,000 dlls/year. I definitely can't pay it, it's too much for me :C I hate to be poor lol
If your logs are already stored within OpenSearch, you'd need to write a script that makes an API request to OpenSearch to collect the IPs, then loop through and submit the IPs to GreyNoise, and then make another API call to OpenSearch to PUT the new fields... much easier to do with Graylog :)
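The three-step loop sketched in the comment above (pull IPs from OpenSearch, look each one up at GreyNoise, write the verdict back as new fields), as an added example that is not from the video, the commenter or either project. The GreyNoise community endpoint and `key` header, the index name `graylog_0` and the field `source_ip` are assumptions; the HTTP transport is injected so the sample runs offline against constructed data.

```python
import json
from collections import defaultdict

# Assumed: GreyNoise community endpoint and "key" header, index and IP field names.
GREYNOISE_URL = "https://api.greynoise.io/v3/community/{ip}"
INDEX, IP_FIELD = "graylog_0", "source_ip"

def collect_ips(search_response, field=IP_FIELD):
    """Step 1: map each distinct IP in a _search response to the doc ids using it."""
    ip_to_docs = defaultdict(list)
    for hit in search_response.get("hits", {}).get("hits", []):
        ip = hit.get("_source", {}).get(field)
        if ip:
            ip_to_docs[ip].append(hit["_id"])
    return dict(ip_to_docs)  # one GreyNoise lookup per IP, not per document

def greynoise_lookup(ip, api_key, http_get):
    """Step 2: http_get(url, headers) -> (status, body); injected so this runs offline."""
    status, body = http_get(GREYNOISE_URL.format(ip=ip), {"key": api_key})
    if status == 404:  # IP not observed by GreyNoise: record that, don't fail
        return {"noise": False, "riot": False, "classification": "unknown"}
    if status == 429:  # quota exhausted (the community plan is capped)
        raise RuntimeError("GreyNoise rate limit reached; retry later")
    return body

def build_bulk_update(ip_to_docs, verdicts, index=INDEX):
    """Step 3: NDJSON body for POST /_bulk that adds greynoise_* fields to each doc."""
    lines = []
    for ip, doc_ids in ip_to_docs.items():
        v = verdicts[ip]
        fields = {"greynoise_noise": bool(v.get("noise")), "greynoise_riot": bool(v.get("riot")),
                  "greynoise_classification": v.get("classification", "unknown")}
        for doc_id in doc_ids:
            lines.append(json.dumps({"update": {"_index": index, "_id": doc_id}}))
            lines.append(json.dumps({"doc": fields}))
    return "\n".join(lines) + "\n"

def enrich(search_response, api_key, http_get, index=INDEX):
    ip_to_docs = collect_ips(search_response)
    verdicts = {ip: greynoise_lookup(ip, api_key, http_get) for ip in ip_to_docs}
    return build_bulk_update(ip_to_docs, verdicts, index)
# Constructed sample data standing in for the OpenSearch and GreyNoise responses.
SAMPLE_SEARCH = {"hits": {"hits": [
    {"_id": "a1", "_source": {"source_ip": "198.51.100.7"}},
    {"_id": "a2", "_source": {"source_ip": "198.51.100.7"}},
    {"_id": "a3", "_source": {"source_ip": "203.0.113.9"}}]}}
FAKE_GREYNOISE = {"198.51.100.7": (200, {"noise": True, "riot": False, "classification": "malicious"}),
                  "203.0.113.9": (404, {"message": "IP not observed"})}
def fake_http_get(url, headers):
    return FAKE_GREYNOISE[url.rsplit("/", 1)[1]]
```

Against a live cluster, `enrich(...)` output is what you POST to `/_bulk`; de-duplicating IPs first matters because every lookup counts against the weekly quota.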
@taylorwalton_socfortress Interesting point. Isn't it also the case that, according to your SOC series, Graylog is used for all normalisation and other functions, but then Graylog sends the logs for storage into the Wazuh Indexer?
Great video and great series, Taylor! I wonder about the intel enrichment part. In your original plan you used MISP & OpenCTI; have you now changed both to GreyNoise?
Hey Michael, you definitely could! I just think Graylog makes it much easier when it comes to ingesting various log sources outside of Wazuh, log normalization, log routing, data caching, and it just gives us more freedom over our logs. Thanks for watching!