Elastic Stack for SIEM(Elastic Security)

Hello, I am noob in Elastic.

We planning to use Elastic Security for MSSP.

3 nodes of Elastic will be in private datacenter and our customer's logs will send by VPN.

The question: I don't know how to forward data from customer side to my cluster.

  1. Should I use Logstash with Beats?
  2. My colleague says that we can use Elastic Agents and it will be much easier... but I didn't find any information about what is better or right to use...

Hi @Aliya_Khalel

It really depends on what you're trying to accomplish depending on The specifics of your use case.

Both are valid approaches.

But in short, if you're just getting started, I would recommend
starting with the Elastic Agent.

Elastic agent has some nice features such as being able to upgrade from a central console, hundreds of out of the box integrations and it's the way elastic is moving forward in the future.

It also includes elastic defend which is the endpoint security capabilities If you choose to configure that.

Here is a bit of a comparison.

Get started and come back with detailed questions.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.