We are trying to strategize how we might be able to look for beaconing or periodic traffic going to the same or location. Is there a way that we can count events from the same user (without knowing the user) to the same destination IP and only alert us if we see so many events within an hour?
Can I see a sample of the event you want to use to do this so I can see what fields are being sent? Please substitute fake username and IP addresses in the data. I am not sure if we can do exactly what you are looking to do as it depends on the event we are collecting and the data in that event.
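The counting described in the question, written out as an added example that is not part of the original thread and not tied to any particular SIEM product: events are grouped by (user, destination IP), so no user has to be named in advance, and a pair alerts once it reaches a threshold inside a sliding one-hour window. The field names, the threshold of 4 and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample events: (timestamp, user, destination IP).
# Names and documentation-range IPs are made up for this example.
SAMPLE_EVENTS = (
    [(_ts("2024-01-01 09:00") + timedelta(minutes=10 * i), "alice", "203.0.113.10")
     for i in range(6)]
    + [(_ts(t), "bob", "198.51.100.7")
       for t in ("2024-01-01 09:05", "2024-01-01 10:30", "2024-01-01 12:00")]
    + [(_ts(t), "carol", "203.0.113.10")
       for t in ("2024-01-01 09:15", "2024-01-01 09:40")]
)

def find_repeat_destinations(events, threshold=4, window=timedelta(hours=1)):
    """Alert once per (user, dest_ip) pair that reaches `threshold` events
    inside any sliding `window`. The user is never named in advance; it is
    simply part of the grouping key."""
    by_pair = defaultdict(list)
    for ts, user, dest_ip in events:
        by_pair[(user, dest_ip)].append(ts)

    alerts = []
    for (user, dest_ip), times in by_pair.items():
        times.sort()
        start = 0
        for end, current in enumerate(times):
            # Drop events that fell out of the window ending at `current`.
            while current - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits = times[start:end + 1]
                gaps = [(b - a).total_seconds() for a, b in zip(hits, hits[1:])]
                alerts.append({
                    "user": user, "dest_ip": dest_ip, "count": len(hits),
                    "first_seen": hits[0], "last_seen": hits[-1],
                    # Near-zero spread between gaps suggests a fixed timer.
                    "gap_spread_s": max(gaps) - min(gaps) if gaps else 0.0,
                })
                break  # one alert per pair is enough
    return alerts

if __name__ == "__main__":
    for alert in find_repeat_destinations(SAMPLE_EVENTS):
        print(alert)
```

Whether this maps onto a given product's alert rules depends, as the reply says, on which fields the collected event actually carries.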