Elasticsearch Security - Asking for Data

edvrfn · April 25, 2021, 12:16pm

I am sending logs from my firewall/home-router(UDM) to rsyslog and copying the logs in Logstash directory. I can see the data in discover and can create visualizations/Dashboard from that data. But the security section in Kibana does not seem to use that data and still asking to add data. How can i use my firewall logs in Security section.

Jason_Slater · April 25, 2021, 2:51pm

See this page for the minimum set of fields needed in your data for it to "work" with the vario0us tabs of the SIEM app:

and within Stack Management > Advanced Settings, make sure your indices are included under Security Solution > Elasticsearch indices

Topic		Replies	Views
Elasticsearch SIEM Dashboard SIEM	2	455	March 29, 2020
Security not appear data SIEM	3	472	May 24, 2021
How to ingest firewall log data to elastic security Elastic Security	3	1151	February 28, 2023
After applied the tutorial "Getting start with Elasticsearch security" Logstash receive Syslog data but Kibana can’t show it Logstash elastic-stack-security	4	390	December 28, 2020
SIEM doesn't display data but welcome page Elastic Security docker	3	380	March 22, 2022

Elasticsearch Security - Asking for Data

Related topics