The Graylog WALKOFF App aims to provide WALKOFF orchestration for conducting searches against the Graylog API.
Graylog is a wonderful open source log management platform that is robust, speedy and reliable.
WALKOFF is an OSS project made by the NSA that provides an automation framework for automating repetitive tasks.
- Clone the repo
git clone https://github.com/billmurrin/graylog-walkoff-app.git
- Copy the Graylog directory to WALKOFF/apps directory
- From the WALKOFF directory, install the package dependencies in requirements.txt
# python installDependencies -a Graylog
- Start, or restart, the WALKOFF web server
# python startServer.py
- In the WALKOFF Web interface, configure the Graylog device
- The App is "Graylog"
- The Type is "Graylog"
- The URI to Graylog (E.g. http://ip-to-graylog:9000). No need to include /api.
- The API key to use for the connection.
You can use the sample workflow under the samples directory as an example to see how the Graylog App works.
Just copy the Graylog.playbook file to your data/workflows folder and restart the WALKOFF server.
- param
The param action allows you to set a parameter for the search. E.g. limit, range, fields, filter
- relative_search
Specify the query to run, required params (E.g. fields, range) should be set using the param action.
- Support additional query actions (absolute search, relative terms, etc.).
- Provide sample workflows.
- Update app.py once WALKOFF issue #165 has been resolved.
- Implement tests using pytest.
- Widget for the App? Maybe...