Hello,
I like your solution very much and I’m also looking forward to support Odoo ERP system in your hub.
BR,
2 Likes
Hi @mmhy2003,
I just opened an issue in the right repository so community users and us we’ll take care of this issue asap.
If you already have a Odoo ERP installed, could you please tell us what kind of behavior do you want to detect ?
I think we can start with bruteforce attack on the login page for the beginning. Could you provide us logs sample please.
Hi @he2ss
Thanks for your reply.
Yes, I can indeed help you. I can provide you with sample logs and you can also review Odoo official documentation on blocking bruteforce attacks on login page, you can use it as a reference to develop the parser and bf scenario.
BR,
I want also to draw your attention to that the login user can be of type ‘USER’ or ‘EMAILADDRESS’ as a grok filter
2018-07-05 14:56:31,506 24849 INFO db_name odoo.addons.base.res.res_users: Login failed for db:db_name login:admin from 127.0.0.1
or
2018-07-05 14:56:31,506 24849 INFO db_name odoo.addons.base.res.res_users: Login failed for db:db_name login:admin@example.com from 127.0.0.1