Aggregation of incoming events on common fields for SIEM usecase

ParashB · April 22, 2020, 8:26am

How can I do aggregation of incoming events on common fields to reduce the incoming EPS? Refer the AGGREGATION OF EVENTS section in "https://socprime.com/en/blog/arcsight-optimizing-eps-aggregation-and-filtration/" for more detail.

I think it could be done at logstash but can't find relevant documentation so it would be helpful if someone could point me in the right direction.

system · May 20, 2020, 8:26am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Aggregate logs when fields are common in events Logstash	1	223	August 9, 2018
Aggregating json events Logstash	2	346	November 19, 2018
Logstash - Aggregate Sylsog events based on multiple Fields Logstash	2	1328	February 18, 2019
Elastic 7.9.1 - Security (SIEM) - Your visualization has error(s) - [illegal_argument_exception] SIEM	16	2246	November 9, 2020
Aggregation support in SIEM SIEM	3	714	July 21, 2020