ECS Quality Dashboard - ECS Coverage of LogSources

Hello :slight_smile:

I'm searching for an ECS dashboard template to check whether LogSources are sending their logs correctly with regard to ECS conditions (ECS coverage - Elastic Security ECS field reference | Elastic Security Solution [7.16] | Elastic).
For example, I would like to have a bar graph with all needed fields of the event taxonomy (category, type, outcome) in relation to all events. This should show whether the needed fields are filled in (e.g. event.category:*) and whether the allowed values are filled in. Host, authentication and network fields would be important too.

Is there a template that matches something like that? :slight_smile:
The dashboard templates I have found so far didn't implement this, so I would be very thankful if someone could give me some advice.

Hello, @zangero98!

I don't know of a dashboard template to show this type of ECS coverage. It is something the ECS team is still tracking. We're also always looking at better ways for users to validate that their ingested data complies with ECS best practices.

Not a dashboard, but this blog post outlines an alternative solution using the security solution and detection rules. The examples from the piece are trying to solve the same problems you shared: missing fields or validating allowed values.

1 Like
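The coverage figures the question asks for (field populated, and populated with an allowed value) can be computed offline over exported events and then charted per log source. This is an added example, not code from either poster or from Elastic. The sample events are constructed, and the `event.category` list is an assumption taken from ECS 1.12 that should be matched to the ECS version in use.

```python
from collections import Counter

# Allowed values per categorization field. event.outcome is the full ECS set;
# the event.category list is assumed from ECS 1.12: sync it with your ECS version.
ALLOWED = {
    "event.category": {"authentication", "configuration", "database", "driver",
                       "file", "host", "iam", "intrusion_detection", "malware",
                       "network", "package", "process", "registry", "session", "web"},
    "event.outcome": {"success", "failure", "unknown"},
}
REQUIRED = ["event.category", "event.type", "event.outcome", "host.name"]

# Constructed sample documents: nested keys, flat dotted keys, empty and missing fields.
SAMPLE_EVENTS = [
    {"event": {"category": ["authentication"], "type": ["start"], "outcome": "success"}, "host": {"name": "dc01"}},
    {"event.category": "Authentication", "event.type": "start", "event.outcome": "ok", "host.name": "fw01"},
    {"event": {"category": ["network"], "type": ["connection"]}, "host": {"name": ""}},
    {"message": "unparsed syslog line"},
]

def get_field(doc, dotted):
    """Return the non-empty values of a dotted field as a list (nested or flat keys)."""
    if dotted in doc:
        value = doc[dotted]
    else:
        value = doc
        for part in dotted.split("."):
            if not isinstance(value, dict) or part not in value:
                return []
            value = value[part]
    values = value if isinstance(value, list) else [value]
    return [v for v in values if v not in (None, "")]

def coverage(events, required=REQUIRED, allowed=ALLOWED):
    """Per field: percent of events with it populated, and with only allowed values."""
    populated, valid = Counter(), Counter()
    for doc in events:
        for field in required:
            values = get_field(doc, field)
            if not values:
                continue
            populated[field] += 1
            # Fields without a value list here (event.type, host.name) count as valid.
            if field not in allowed or all(v in allowed[field] for v in values):
                valid[field] += 1
    total = len(events) or 1
    return {f: {"populated_pct": round(100 * populated[f] / total, 1),
                "valid_pct": round(100 * valid[f] / total, 1)} for f in required}
```

The gap between `populated_pct` and `valid_pct` for a field is the share of events carrying a value outside the allowed list, such as the wrongly cased `Authentication` in the second sample event.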
