Hello everybody, can anyone please help me? I need to know if it is possible to archive the ELK logs to external storage off the current platform and have the data still be searchable. Also, does anybody know of a method to integrate the ELK data into another SIEM?
Searchable snapshots (Elasticsearch Guide [7.13], Elastic) will do what you want.
Integrating data into other systems depends entirely on if those systems can talk to Elasticsearch or not.
Thank you so much for your reply. Can you please suggest some SIEMs that can be integrated with Elasticsearch?
The Elastic Stack has a free SIEM in it, why not use that?
Yes, actually we are using Elastic SIEM, but we would like to know if it is possible to integrate the data to use it in another SIEM.
As I mentioned, the other product would need to be able to talk to Elasticsearch. You'd need to research if they can do that, as we don't keep lists of that.