I am sending logs from my firewall/home router (UDM) to rsyslog and copying the logs into the Logstash directory. I can see the data in Discover and can create visualizations/dashboards from that data. But the Security section in Kibana does not seem to use that data and is still asking me to add data. How can I use my firewall logs in the Security section?
See this page for the minimum set of fields needed in your data for it to "work" with the various tabs of the SIEM app:
and within Stack Management > Advanced Settings, make sure your indices are included under Security Solution > Elasticsearch indices.