Hello,
I'm sending threat feeds to elasticsearch from a linux machine.
I created a patern feeds index in kibana.
Logstash receives Fortinet logs continuously.
I created a patern fortinet index in kibana.
My goal is to detect in the fortinet logs:
malicious IPs
malicious DNS
malicious urls
...
How can I enrich the logstash configuration for malicious IP detection?
Will I be able to have a sample file configuration?
You probably want to use this filter - https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html - as you ingest your logs.
I am new to using Elastic.
I have already configured the parsing of fortinet logs. And I dropped it in / etc / logstash / cond
I will now want an example of an enrichment configuration file that will detect malicious IP, DNS, URLs in fortinet kibana logs
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.