ECS Quality Dashboard - ECS Coverage of LogSources

zangero98 · January 19, 2022, 11:53am

Hello

I'm searching for an ECS Dashboard Template to check if LogSources are sending the Logs right in view of ECS conditions (ECS coverage - Elastic Security ECS field reference | Elastic Security Solution [7.16] | Elastic)
For example i would like to have a bar graph with all needed fields of the event taxonomy (category, type, outcome) in relation to all events. This should show whether the needed field are filled in (f.e. event.category:*) and whether the allowed values are filled in. Host-, authentification- and and network fields would be important too.

Is there a template that matches something like that?
The dashboard templates i found until now didn't realize this so i would be very thankful when someone would give me an advice.

ebeahan · January 25, 2022, 10:39pm

Hello, @zangero98!

I don't know of a dashboard template to show this type of ECS coverage. It is something the ECS team is still tracking. We're also always looking at better ways for users to validate their ingested data complies with ECS best practices.

Not a dashboard, but this blog post outlines an alternative solution using the security solution and detection rules. The examples from the piece are trying to solve the same problems you shared: missing fields or validating allowed values.

system · February 22, 2022, 10:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana Dashboard Template for ECS Kibana ecs-elastic-common-schema	2	956	February 7, 2022
Kibana ECS Dashboards Kibana	4	622	August 25, 2021
Elastic Common Schema and Logstash and Ingest node processing tagging Logstash ecs-elastic-common-schema	3	458	November 29, 2019
Dashboard community Kibana	5	810	November 4, 2020
ECS common schema taxonomies for other sources SIEM	2	501	May 14, 2020

ECS Quality Dashboard - ECS Coverage of LogSources

Related topics