Hey!
I am looking forward to 7.5, and was wondering how I could utilize the data added from the Filebeat MISP module.
Could I use Watcher to look at my index with security logs and make an alert if a field in a document matches with information added from the MISP module?
Or could I correlate the MISP data with incoming logs in some way?
Mostly just looking for suggestions 
Thanks in advance!
I have no knowledge of the MISP dataset, but I can answer the watcher question: you should be able to do that, depending on how the data looks. But I would also suggest looking into the SIEM app and the new Elastic Endpoint Protection. There is more to come that field.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.