I have a project in which an ELK implementation is done, and they have started collecting logs from some 2-3 log sources. The client wants to implement ELK as a SIEM.
I have a set of use cases to be implemented, for which the prerequisite is to have the log sources integrated with proper baselining.
If baselining is done properly, we will get the necessary logs needed for use-case implementation.
Other SIEMs provide baselines/configuration guides mentioning the steps to be performed at the log sources. Does ELK have any such configuration guides or baselines available?