I am trying to implement ELK as a SIEM as instructed here, where ArcSight logs are being sent in CEF format to the Logstash ArcSight module.
However, I understand that normally, when logs are parsed in Logstash, a Grok filter is needed to parse them into separate attributes. This is where I am not sure whether this is also the case when I use the Logstash ArcSight module. Is this module able to function as a Grok filter itself?
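As an added illustration of what "parsing into separate attributes" means for CEF, here is a standalone Python parser (example code, not part of the original post and not the Logstash ArcSight module's own code). It splits a CEF line into its seven header fields and its key=value extension, applies the CEF escaping rules (`\|` and `\\` in the header, `\=` and `\\` in the extension), and tolerates a syslog prefix in front of `CEF:`. The sample lines are constructed, and the output field names and the `csNLabel` resolution step are this example's own choices.

```python
import re

# Constructed sample CEF lines (not taken from the original post). The second
# one exercises escaped pipes in the header and an escaped '=' in a value.
SAMPLE_CEF = [
    "CEF:0|ArcSight|Logger|7.0|100|Login failed|5|"
    "src=10.0.0.5 dst=10.0.0.1 suser=alice msg=Invalid password for user alice",
    "<13>Jan 10 12:00:00 host CEF:0|Vendor\\|Inc|Prod|1.0|200|Pipe \\| in name|3|"
    "act=blocked request=http://example.test/a\\=b cs1Label=Reason cs1=Bad sig",
]

# Names for the seven CEF header fields (hypothetical field names chosen here).
_HEADER_FIELDS = [
    "cef_version", "device_vendor", "device_product", "device_version",
    "signature_id", "name", "severity",
]

# A key in the extension is a run of identifier characters followed by '=',
# at the start of the extension or after whitespace. Escaped '\=' inside a
# value never matches because a backslash precedes the '='.
_KEY_RE = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")


def _unescape(value, specials):
    """Remove backslash escapes for the given special characters; '\\n' and '\\r'
    become newline and carriage return as the CEF spec prescribes for values."""
    out, i = [], 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            nxt = value[i + 1]
            if nxt in specials:
                out.append(nxt)
                i += 2
                continue
            if nxt in "nr":
                out.append("\n" if nxt == "n" else "\r")
                i += 2
                continue
        out.append(value[i])
        i += 1
    return "".join(out)


def _split_header(line):
    """Split on the first seven unescaped '|' characters; the rest is the extension."""
    parts, buf, i = [], [], 0
    while i < len(line) and len(parts) < 7:
        c = line[i]
        if c == "\\" and i + 1 < len(line) and line[i + 1] in "|\\":
            buf.append(line[i + 1])   # '\|' -> '|', '\\' -> '\'
            i += 2
            continue
        if c == "|":
            parts.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(c)
        i += 1
    return parts, line[i:]


def _parse_extension(ext):
    """Turn 'k1=v1 k2=v2 ...' into a dict; values may contain spaces."""
    fields = {}
    matches = list(_KEY_RE.finditer(ext))
    for idx, m in enumerate(matches):
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        fields[m.group(1)] = _unescape(ext[m.end():end].strip(), "=\\")
    # CEF convention: cs1Label=Reason names the custom field cs1, so expose
    # the value under that human-readable name as well (this example's choice).
    for key in list(fields):
        base = key[: -len("Label")]
        if key.endswith("Label") and base in fields:
            fields[fields[key]] = fields[base]
    return fields


def parse_cef(line):
    """Parse one CEF event (optionally prefixed by a syslog header) into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header found")
    header, extension = _split_header(line[start:])
    if len(header) != 7:
        raise ValueError("malformed CEF header: expected 7 pipe-separated fields")
    event = dict(zip(_HEADER_FIELDS, header))
    event["cef_version"] = event["cef_version"][len("CEF:"):]
    event.update(_parse_extension(extension))
    return event


if __name__ == "__main__":
    for raw in SAMPLE_CEF:
        print(parse_cef(raw))
```

Each parsed line comes back as a flat dict of header fields plus every extension key, which is the shape a Grok filter would otherwise have to produce by hand; note that Grok's default whitespace-delimited patterns would break on values such as `msg=Invalid password for user alice`, which is exactly why a CEF-aware parser is needed rather than a generic one.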