HI There,
I am using Elastic's SIEM for security analysis, but I would like to know if I can add other data to the SIEM app. For example, there are many log sources sending syslog to my Logstash. Can I have those logs as well in my Elastic SIEM? Because if I click on "Add data" in the SIEM app it gives me only a few options.
Any help would be really appreciated.
Thanks,
Raj
Hi Raj_Kumar,
If you want to add a new data source to the SIEM, what you want to do is ensure you format the data in your index to be in the ECS format:
https://www.elastic.co/guide/en/ecs/current/ecs-reference.html
And then add that index to your advanced settings under siem:defaultIndex here:
Be sure to format as many of your ECS fields as you can so that each of the UI pieces picks them up.
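As an added illustration of the two steps in the reply above (not code from this thread or from Elastic), here is a small Python script that maps raw RFC 3164 syslog lines onto ECS field names, reports which fields a document is still missing, and builds the request body for Kibana's advanced-settings API that appends a custom index pattern to siem:defaultIndex. The sample log lines, the index name "logstash-syslog-*", the SIEM_CHECKLIST of fields and the list of default SIEM index patterns are assumptions made for this example; check them against your own ECS version and Advanced Settings page.

```python
"""Shape raw syslog into ECS documents for the SIEM app's index pattern.

Added example for this thread, not code from the Elastic forum post.
Assumptions: RFC 3164 syslog input, source clocks in UTC, and the index
name "logstash-syslog-*" (constructed here for illustration).
"""
import re
from datetime import datetime

ECS_VERSION = "1.5.0"  # assumption: any ECS 1.x version is fine for SIEM 7.x

# ECS names for the eight syslog severities, index = severity code
SEVERITY_NAMES = ["emergency", "alert", "critical", "error",
                  "warning", "notice", "informational", "debug"]

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)


def parse_syslog(line, year):
    """Map one RFC 3164 line onto ECS fields.

    RFC 3164 timestamps carry no year, so the caller supplies it.
    Raises ValueError on lines that do not match, so bad input is
    rejected rather than indexed with half-populated fields.
    """
    m = SYSLOG_RE.match(line)
    if m is None:
        raise ValueError("not an RFC 3164 syslog line: %r" % line)
    pri = int(m.group("pri"))
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal PRI
        raise ValueError("PRI out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    ts = datetime.strptime("%d %s" % (year, m.group("ts")), "%Y %b %d %H:%M:%S")

    doc = {
        "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),  # assumes UTC source clock
        "ecs": {"version": ECS_VERSION},
        "message": m.group("msg"),
        "event": {"kind": "event", "original": line},
        "host": {"name": m.group("host")},
        "process": {"name": m.group("tag")},
        "log": {
            "level": SEVERITY_NAMES[severity],
            "syslog": {
                "priority": pri,
                "facility": {"code": facility},
                "severity": {"code": severity},
            },
        },
    }
    if m.group("pid") is not None:
        doc["process"]["pid"] = int(m.group("pid"))
    return doc


def missing_fields(doc, wanted):
    """Return the dotted ECS paths in `wanted` that `doc` does not populate."""
    missing = []
    for path in wanted:
        node = doc
        for part in path.split("."):
            node = node.get(part) if isinstance(node, dict) else None
        if node is None:
            missing.append(path)
    return missing


# Fields the SIEM host/overview views lean on; a constructed checklist, not an ECS mandate
SIEM_CHECKLIST = ["@timestamp", "ecs.version", "host.name", "event.kind",
                  "process.name", "process.pid", "message"]

# Index patterns the SIEM app read by default in 7.x (assumption: check your own
# Advanced Settings page), kept so Beats data keeps showing up after the change.
DEFAULT_SIEM_INDICES = ["apm-*-transaction*", "auditbeat-*", "endgame-*",
                        "filebeat-*", "packetbeat-*", "winlogbeat-*"]


def siem_index_settings(extra_patterns):
    """Body for POST /api/kibana/settings (send with header kbn-xsrf: true)
    that appends your own index patterns to siem:defaultIndex."""
    patterns = DEFAULT_SIEM_INDICES + [p for p in extra_patterns
                                       if p not in DEFAULT_SIEM_INDICES]
    return {"changes": {"siem:defaultIndex": patterns}}


if __name__ == "__main__":
    # Constructed sample lines, as a syslog forwarder would hand them to Logstash
    SAMPLE = [
        "<34>Oct 11 22:14:15 mymachine su[123]: 'su root' failed for lonvick on /dev/pts/8",
        "<13>Oct  5 03:02:01 fw01 kernel: accepted connection from 10.0.0.7",
    ]
    for raw in SAMPLE:
        d = parse_syslog(raw, year=2020)
        print(d["@timestamp"], d["host"]["name"], d["log"]["level"],
              "missing:", missing_fields(d, SIEM_CHECKLIST))
    print(siem_index_settings(["logstash-syslog-*"]))
```

The same mapping can be expressed as a Logstash grok plus mutate/rename filter; the point of doing it in code here is that the missing_fields check makes it obvious which SIEM views will stay empty for a given source (for example, a kernel line has no process.pid). Keep event.original so the raw line survives for investigations, and keep the default index patterns in the list when you change siem:defaultIndex, otherwise the Beats data the SIEM app already shows disappears from it.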