Elastic Stack for SIEM(Elastic Security)

Hello, I am a noob in Elastic.

We are planning to use Elastic Security for MSSP.

3 nodes of Elastic will be in a private datacenter and our customer's logs will be sent by VPN.

The question: I don't know how to forward data from the customer side to my cluster.

  1. Should I use Logstash with Beats?
  2. My colleague says that we can use Elastic Agents and it will be much easier... but I didn't find any information about what is better or right to use...

Hi @Aliya_Khalel

It really depends on what you're trying to accomplish and the specifics of your use case.

Both are valid approaches.

But in short, if you're just getting started, I would recommend starting with the Elastic Agent.

Elastic Agent has some nice features, such as being able to upgrade from a central console and hundreds of out-of-the-box integrations, and it's the way Elastic is moving forward in the future.

It also includes Elastic Defend, which is the endpoint security capability, if you choose to configure that.

Here is a bit of a comparison.

Get started and come back with detailed questions.