Adding Threat Intel fields in Elasticsearch data

How can we add threat intel data to Elastic Agent logs before they enter the Elasticsearch cluster?

I am trying to add some new fields to each log beforehand, based on the details present in that log.

Example: consider VirusTotal.

Based on the process name collected by our Elastic Agent, I need to add one more field to each row by calculating its VirusTotal score.

How can we add that additional field?
