Adding Threat Intel fields in Elasticsearch data

Naveen_Kumar_Reddy_S · June 23, 2021, 11:25am

How we can add threat intel data for elastic agent logs before they are entering into the Elasticsearch cluster?

I am trying to add some new fields to each log before based on the details present in that logs.

Example: If you consider Virus Total

Based on the process name collected by our elastic agent I need to add one more field in each row by calculating its Virus total score.

How we can add that additional field?

system · July 21, 2021, 11:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Threat Intel and SIEM SIEM	3	4150	December 15, 2020
Add a new field to the .ml-anomalies-shared index Elasticsearch	1	187	November 15, 2022
Best Practices for Adding New Logs? Elasticsearch	1	188	February 6, 2023
ThreatIntel Module - missing field [otx.id] when calculating fingerprint Elastic Security	4	407	June 13, 2023
Threat Intelligence Platform Integration Logstash	2	1148	March 27, 2019