I collect firewall data into ELK and want to count unique events by the field "SourceIP"; if the count is > 10 per SourceIP in 10 seconds, then alert on a DDoS attack.
Is this correct?
How do I use a webhook or another method to send the SourceIPs in an HTTP request for each unique count that satisfies the condition?
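One way to implement the rule from the question, as an added example that is not part of the original post and not code from any Elastic tool: a sliding-window detector over constructed firewall events that emits the JSON body a webhook receiver would get for each SourceIP crossing the threshold. The field names `@timestamp` and `SourceIP`, the webhook URL and the sample events are assumptions.

```python
"""Sliding-window burst detector for firewall events keyed by SourceIP.

Added example (not from the original post): mirrors the poster's rule, more
than 10 events from one SourceIP inside 10 seconds, and builds the JSON body
a webhook receiver would get. Field names, the webhook URL and the sample
events below are assumptions / constructed data.
"""
import json
import urllib.request
from collections import defaultdict, deque

THRESHOLD = 10          # alert when the per-IP count exceeds this ...
WINDOW_SECONDS = 10     # ... within this many seconds (sliding window)


def detect_bursts(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Yield one alert per SourceIP the first time it crosses the threshold.

    events: dicts with '@timestamp' (epoch seconds) and 'SourceIP', in time
    order (as an ELK query sorted by @timestamp would return them).
    """
    recent = defaultdict(deque)   # SourceIP -> timestamps inside the window
    alerted = set()               # suppress repeat alerts for the same burst
    for ev in events:
        ip, ts = ev["SourceIP"], ev["@timestamp"]
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] >= window:   # drop events older than the window
            q.popleft()
        if len(q) > threshold and ip not in alerted:
            alerted.add(ip)
            yield {"rule": "firewall_source_burst", "SourceIP": ip,
                   "count": len(q), "window_seconds": window,
                   "first_seen": q[0], "last_seen": ts}
        elif len(q) <= threshold:
            alerted.discard(ip)   # burst ended; re-arm the alert for this IP


def post_alert(alert, url="https://soar.example.invalid/hook"):
    """POST one alert as JSON; the URL is a placeholder (not called below)."""
    req = urllib.request.Request(url, data=json.dumps(alert).encode(),
                                 headers={"Content-Type": "application/json"})
    return urllib.request.urlopen(req, timeout=5).status


# Constructed sample: 10.0.0.5 sends 12 events in 6 s, 10.0.0.9 sends 11
# events spread over 30 s (below the rate), so only the first should alert.
SAMPLE = sorted(
    [{"@timestamp": 100 + i * 0.5, "SourceIP": "10.0.0.5"} for i in range(12)]
    + [{"@timestamp": 100 + i * 3, "SourceIP": "10.0.0.9"} for i in range(11)],
    key=lambda e: e["@timestamp"])

if __name__ == "__main__":
    for a in detect_bursts(SAMPLE):
        print(json.dumps(a))   # swap in post_alert(a) to deliver it
```

A per-SourceIP count only catches single-source floods; a distributed flood stays under the threshold for each IP, so a second rule on total events per window is worth running alongside.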