I am looking forward to 7.5, and was wondering how I could utilize the data added from the Filebeat MISP module.
Could I use Watcher to look at my index with security logs and make an alert if a field in a document matches with information added from the MISP module?
Or could I correlate the MISP data with incoming logs in some way?
Mostly just looking for suggestions.
Thanks in advance!