Conditional query for SIEM

lusynda · November 13, 2020, 11:03am

Hi all
I have some ability that i require SIEM do.
i want to make a query and then if that query match then the second query will be call to search for that specific case since not all security case that happen in single log file but multiple log file.
If that is not available then please make it a feature for SIEM.

borna_talebi · November 15, 2020, 8:35am

Hi
You can create sequences with EQL. take a look at this.

lusynda · November 16, 2020, 1:31am

Yes thanks you for your respond.
But i want to also know how to put that in to elastic SIEM since i dont really see a way to put EQL in any other than the console.

borna_talebi · November 16, 2020, 6:03am

You can use it in SIEM after 7.10 update. take a look at this.

system · December 14, 2020, 6:03am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.