We are using the open source ELK stack and we have different log sources enabled. Is there any way we can have log correlation between different log sources?
For example, if we search for one IP or user, we can see all logs from different log sources related to that IP or user.
Another question: is there any way we can consolidate similar alerts into a single incident and correlate logs from different sources during investigation?
For example, if we have alerts for one user from firewall logs, and one alert from AD logs or endpoint logs, can we consolidate all of those into a single incident? So we don't have duplicates and reduce noise, and at the same time can correlate different log sources for investigation.
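One way to do the consolidation the question asks about, as an added Python example that is neither the poster's code nor part of ELK itself: it assumes a Logstash or ingest pipeline has already normalised firewall, AD and endpoint alerts to ECS-style field names (user.name, source.ip), and the sample alerts below are constructed.

```python
from collections import defaultdict

# Constructed sample alerts from three sources, already normalised to the same
# ECS-style pivot fields (assumption: an ingest pipeline did this upstream).
ALERTS = [
    {"id": "fw-1", "source": "firewall", "rule": "blocked egress", "user.name": "alice", "source.ip": "10.0.0.5"},
    {"id": "fw-2", "source": "firewall", "rule": "blocked egress", "user.name": "alice", "source.ip": "10.0.0.5"},
    {"id": "ad-1", "source": "ad", "rule": "account lockout", "user.name": "alice", "source.ip": None},
    {"id": "ep-1", "source": "endpoint", "rule": "suspicious script", "user.name": None, "source.ip": "10.0.0.5"},
    {"id": "fw-3", "source": "firewall", "rule": "port scan", "user.name": None, "source.ip": "192.168.1.9"},
]

def entities(alert):
    """Pivot keys an alert can be correlated on; missing fields are skipped."""
    return [(f, alert[f]) for f in ("user.name", "source.ip") if alert.get(f)]

def consolidate(alerts):
    """Group alerts into incidents by shared user/IP (transitively) and collapse exact repeats."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x
    def union(a, b):
        parent[find(a)] = find(b)
    # Link every entity an alert mentions, so alice <-> 10.0.0.5 become one component
    for a in alerts:
        ents = entities(a)
        for e in ents[1:]:
            union(ents[0], e)
    incidents = defaultdict(lambda: {"entities": set(), "sources": set(), "alerts": {}})
    for a in alerts:
        ents = entities(a)
        if not ents:
            continue  # nothing to pivot on; leave it as a standalone alert
        inc = incidents[find(ents[0])]
        inc["entities"].update(ents)
        inc["sources"].add(a["source"])
        key = (a["source"], a["rule"], a.get("user.name"), a.get("source.ip"))
        entry = inc["alerts"].setdefault(key, {"count": 0, "ids": []})
        entry["count"] += 1
        entry["ids"].append(a["id"])
    return list(incidents.values())

if __name__ == "__main__":
    for inc in consolidate(ALERTS):
        print(sorted(inc["entities"]), sorted(inc["sources"]), inc["alerts"])
```

The same grouping can be pushed into Elasticsearch by querying all indices with a `terms` filter on `user.name`/`source.ip`, but the transitive linking of user to IP still has to happen client-side.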