Elastic SIEM receiving other security device logs

I want to use IPS, anti-virus, etc. logs in Elastic SIEM.

Is it possible to use these logs?

I want to send security logs to Logstash -> Elastic SIEM and create correlation rules.

Hi 남진 김,

If you are sending in the logs via Logstash, you can make your Logstash index pattern available in the SIEM by going to the "Stack Management" section of Kibana, scrolling down to the "Security Solution" or "SIEM" section (depending on which version of Kibana you are on), and modifying the "Elasticsearch Indices" setting to include the indices to which you are sending the IPS and anti-virus logs that you mention.

If the data is being sent in via Logstash, then just make sure that the setting above has logstash* listed among the available index patterns.

Let me know if that works for you or if you have further questions!
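As an added illustration (not part of this thread or of Elastic's own documentation), here is what a Logstash pipeline feeding appliance alerts into an index covered by the default logstash* pattern could look like, mapping a few fields to ECS so Security Solution rules can match on them. The UDP port, the Elasticsearch host, the index name and the appliance log format are all assumptions.

```logstash
# Added example, not from the thread. Receives IPS / anti-virus syslog,
# maps fields to ECS, and writes to an index matching logstash-*.
# Assumptions: appliances send RFC 3164 syslog to UDP 5514 and Elasticsearch
# is reachable at http://elasticsearch:9200 (replace with your own values).
input {
  syslog {
    port => 5514
    type => "security-appliance"
  }
}

filter {
  # Constructed sample appliance line:
  # "IPS ALERT sig=2001219 src=10.0.0.5 dst=10.0.0.9 action=blocked"
  grok {
    match => { "message" => "^%{WORD:vendor_event} ALERT sig=%{INT:[rule][id]} src=%{IP:[source][ip]} dst=%{IP:[destination][ip]} action=%{WORD:[event][action]}" }
    # Tag instead of dropping, so unparsed lines are still searchable.
    tag_on_failure => ["_grokparsefailure_ips"]
  }
  mutate {
    add_field => {
      "[event][kind]"     => "alert"
      "[event][category]" => "intrusion_detection"
      "[observer][type]"  => "ids"
    }
    # Remove the non-ECS scratch field once mapping is done.
    remove_field => ["vendor_event"]
  }
}

output {
  elasticsearch {
    hosts => ["http://elasticsearch:9200"]
    # Daily index whose name falls under the logstash* pattern listed in
    # Security Solution -> Elasticsearch indices.
    index => "logstash-ips-%{+YYYY.MM.dd}"
  }
}
```

A quick check after deploying is to search the new index in Discover and confirm that source.ip, destination.ip and event.category are populated, since detection rules keyed on ECS fields will silently match nothing if the grok pattern does not fit the vendor's actual format.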
