HI There,
Iam Elastic's SIEM for security analysis, but I would like to know if can add other datas to SIEM app, for example there are many logs sources sends syslog to my logstash .Can I have those logs as well in my Elastic SIEM. Because if i click on add data on the SIEM app it gives me only few options.
Any help would be really appreciable.
Thanks,
Raj
Hi Raj_Kumar,
If you want to add a new data source to the SIEM which you created what you want to do is to ensure you format your data in your index to be the ECS format:
https://www.elastic.co/guide/en/ecs/current/ecs-reference.html
Add then add that index to your advanced settings to siem:defaultIndex here:
Ensure to format as many of your ECS fields as you can for each of the UI pieces to pick it up.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
