Hey!
I am looking forward to 7.5, and was wondering how I could utilize the data added from the Filebeat MISP module.
Could I use Watcher to look at my index with security logs and make an alert if a field in a document matches with information added from the MISP module?
Or could I correlate the MISP data with incoming logs in some way?
I have no knowledge of the MISP dataset, but I can answer the watcher question: you should be able to do that, depending on how the data looks. But I would also suggest looking into the SIEM app and the new Elastic Endpoint Protection. There is more to come in that field.
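The correlation the question asks about, as an added example (not code from the thread or from Elastic). It mirrors the two steps a Watcher chain input would take: read the indicator documents the Filebeat MISP module has indexed, then search the security logs for events whose ECS fields equal one of those indicators. The field names `misp.attribute.type` / `misp.attribute.value`, the index patterns and the MISP-type-to-ECS-field mapping are assumptions about how the module's data looks; the indicator and log documents are constructed so the script runs offline.

```python
import json
from collections import defaultdict

# Assumptions: the MISP module writes misp.attribute.type / misp.attribute.value
# and both indicator and security-log documents live under filebeat-*.
LOG_INDEX = "filebeat-*"

# Constructed sample indicator documents (not real MISP output).
MISP_DOCS = [
    {"event": {"module": "misp"}, "misp": {"attribute": {"type": "ip-dst", "value": "203.0.113.45"}}},
    {"event": {"module": "misp"}, "misp": {"attribute": {"type": "ip-src", "value": "198.51.100.7"}}},
    {"event": {"module": "misp"}, "misp": {"attribute": {"type": "domain", "value": "c2.example.net"}}},
    {"event": {"module": "misp"}, "misp": {"attribute": {"type": "sha256",
        "value": "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"}}},
    {"event": {"module": "misp"}, "misp": {"attribute": {"type": "comment", "value": "not an indicator"}}},
]

# Assumed mapping: which ECS fields of a security event a MISP attribute type is compared against.
TYPE_TO_ECS_FIELDS = {
    "ip-dst": ("destination.ip",),
    "ip-src": ("source.ip",),
    "ip": ("source.ip", "destination.ip"),
    "domain": ("dns.question.name", "url.domain"),
    "hostname": ("dns.question.name", "url.domain"),
    "sha256": ("file.hash.sha256",),
    "md5": ("file.hash.md5",),
}


def get_path(doc, dotted):
    """Read a dotted field path from a nested dict; None if any segment is missing."""
    cur = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def build_indicator_table(misp_docs):
    """Step 1: ECS field -> set of indicator values. Types with no ECS mapping are ignored."""
    table = defaultdict(set)
    for doc in misp_docs:
        attr_type = get_path(doc, "misp.attribute.type")
        value = get_path(doc, "misp.attribute.value")
        if value is None:
            continue
        for field in TYPE_TO_ECS_FIELDS.get(attr_type, ()):
            table[field].add(str(value).lower())  # case-fold domains and hashes
    return dict(table)


def watch_search_body(table, window="now-5m", size=100):
    """Step 2: the query a Watcher search input would run against LOG_INDEX.
    Any event in the window where at least one field equals a known indicator;
    the indicator documents themselves are excluded so they never self-match."""
    should = [{"terms": {field: sorted(values)}} for field, values in sorted(table.items())]
    return {
        "size": size,
        "query": {"bool": {
            "filter": [
                {"range": {"@timestamp": {"gte": window}}},
                {"bool": {"must_not": {"term": {"event.module": "misp"}}}},
            ],
            "should": should,
            "minimum_should_match": 1,
        }},
    }


def match_events(log_docs, table):
    """Offline equivalent of running that query: (field, indicator, event) per hit."""
    hits = []
    for ev in log_docs:
        if get_path(ev, "event.module") == "misp":
            continue
        for field, values in table.items():
            val = get_path(ev, field)
            if val is not None and str(val).lower() in values:
                hits.append((field, str(val).lower(), ev))
    return hits


# Constructed sample security events in ECS shape (not real logs).
LOG_DOCS = [
    {"event": {"module": "suricata"}, "source": {"ip": "10.0.0.5"}, "destination": {"ip": "203.0.113.45"}},
    {"event": {"module": "packetbeat"}, "dns": {"question": {"name": "C2.Example.NET"}}},
    {"event": {"module": "system"}, "source": {"ip": "10.0.0.9"}, "destination": {"ip": "93.184.216.34"}},
]

if __name__ == "__main__":
    table = build_indicator_table(MISP_DOCS)
    print(json.dumps(watch_search_body(table), indent=2))
    for field, ioc, ev in match_events(LOG_DOCS, table):
        print(f"ALERT {ev['event']['module']}: {field} matched MISP indicator {ioc}")
```

In Watcher itself the two steps are a chain input: the first search input returns the indicator documents, the second search input's body is rendered from `ctx.payload` of the first, and the condition fires when the second search has hits. Building the indicator table outside Watcher, as above, keeps the templating simple and makes the same logic reusable from a script or a scheduled job.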