Simple Top 5 Attackers

sourcetype = "juniper:idp" attack* | top limit=5 src_ip

purpose:

Find the top 5 source IP addresses (src_ip) that are attempting to attack us.

requirements:

Data indexed with the juniper:idp sourcetype

comments: