I installed ELK, sending logs to ElasticSearch and displaying the results in Kibana.
But I do not know how to correlate the information.
What free tool do you use for correlation? I tried Watcher, but it is paid. I also tested SEC, but it can only take data from .txt files, not from ElasticSearch, i.e. localhost:9200.
Thank you in advance for your help,
What sort of correlation?
Have you seen https://github.com/elastic/timelion?
Thank you for your answer warkolm. I do not know Timelion; I'll look at what it does.
Otherwise, I use Juniper and Cisco logs as input. And I try to correlate brute-force attacks, admin logins, port scans, connections from unknown IPs... There is no correlation module in Kibana; consequently, I'm confused.
How do I connect SEC with ElasticSearch? Or what tool do you use for correlation?
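As an added example that is not part of this thread, here is the kind of correlation rule SEC or Watcher would apply, written in Python over constructed Elasticsearch-style documents: a sliding-window brute-force count per source IP, followed by a sequence rule that flags a successful login from the same IP shortly after the burst. The field names (`@timestamp`, `src_ip`, `user`, `event`) are assumptions; in practice the list would come from a range query against localhost:9200 instead of being hard-coded.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample documents, shaped like the `_source` of Elasticsearch hits
# (hypothetical field names; a real run would fetch these from localhost:9200).
EVENTS = [
    {"@timestamp": "2016-03-01T09:50:00", "src_ip": "203.0.113.5", "user": "admin", "event": "login_failed"},
    {"@timestamp": "2016-03-01T10:00:00", "src_ip": "203.0.113.5", "user": "admin", "event": "login_failed"},
    {"@timestamp": "2016-03-01T10:00:10", "src_ip": "203.0.113.5", "user": "admin", "event": "login_failed"},
    {"@timestamp": "2016-03-01T10:00:20", "src_ip": "203.0.113.5", "user": "admin", "event": "login_failed"},
    {"@timestamp": "2016-03-01T10:00:30", "src_ip": "203.0.113.5", "user": "root", "event": "login_failed"},
    {"@timestamp": "2016-03-01T10:00:40", "src_ip": "203.0.113.5", "user": "admin", "event": "login_failed"},
    {"@timestamp": "2016-03-01T10:01:10", "src_ip": "203.0.113.5", "user": "admin", "event": "login_success"},
    {"@timestamp": "2016-03-01T10:00:05", "src_ip": "198.51.100.7", "user": "jdoe", "event": "login_failed"},
    {"@timestamp": "2016-03-01T10:00:15", "src_ip": "198.51.100.7", "user": "jdoe", "event": "login_success"},
]

def ts(ev):
    return datetime.fromisoformat(ev["@timestamp"])

def bruteforce_alerts(events, threshold=5, window=timedelta(minutes=1)):
    """Rule 1: at least `threshold` failed logins from one source IP inside a
    sliding `window`. Returns one (src_ip, first_ts, last_ts, count) per IP."""
    recent = defaultdict(deque)   # src_ip -> failure timestamps still inside the window
    alerts, seen = [], set()
    for ev in sorted(events, key=ts):
        if ev["event"] != "login_failed":
            continue
        q = recent[ev["src_ip"]]
        q.append(ts(ev))
        while ts(ev) - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ev["src_ip"] not in seen:
            seen.add(ev["src_ip"])
            alerts.append((ev["src_ip"], q[0], q[-1], len(q)))
    return alerts

def success_after_bruteforce(events, alerts, grace=timedelta(minutes=10)):
    """Rule 2 (sequence correlation): a successful login from an IP that
    triggered rule 1, within `grace` after the burst. Returns [(src_ip, user, ts)]."""
    deadline = {ip: last + grace for ip, _, last, _ in alerts}
    return [(ev["src_ip"], ev["user"], ev["@timestamp"])
            for ev in sorted(events, key=ts)
            if ev["event"] == "login_success"
            and ev["src_ip"] in deadline
            and ts(ev) <= deadline[ev["src_ip"]]]

if __name__ == "__main__":
    hits = bruteforce_alerts(EVENTS)
    for ip, first, last, n in hits:
        print(f"bruteforce from {ip}: {n} failures between {first} and {last}")
    for ip, user, when in success_after_bruteforce(EVENTS, hits):
        print(f"ALERT: {user} logged in from {ip} at {when} after a bruteforce burst")
```

The 09:50 failure is deliberately outside the one-minute window, so only the five failures between 10:00:00 and 10:00:40 count, and the 198.51.100.7 login never reaches the threshold.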