Hello,
I'm sending threat feeds to Elasticsearch from a Linux machine.
I created a pattern feeds index in Kibana.
Logstash receives Fortinet logs continuously.
I created a pattern fortinet index in Kibana.
My goal is to detect in the fortinet logs:
malicious IPs
malicious DNS
malicious URLs
...
How can I enrich the logstash configuration for malicious IP detection?
Will I be able to have a sample file configuration?
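One way to do the IP lookup with the Logstash `elasticsearch` filter plugin, as an added example rather than a configuration posted by the original author: each Fortinet event's source and destination IP is queried against the threat-feed index, and a match copies the feed name onto the event and tags it. It assumes the feed documents store the indicator in `ioc.ip` and the feed name in `ioc.source`, that the feed index is named `feeds-*`, and that Elasticsearch listens on localhost:9200; adjust those to your own schema.

```conf
filter {
  # FortiGate syslog bodies are key=value pairs such as
  # "srcip=10.0.0.5 dstip=203.0.113.9 action=accept ..."; split them into fields.
  kv {
    source      => "message"
    field_split => " "
    value_split => "="
  }

  # Look up the destination IP in the threat-feed index.
  # Assumption: indicator in "ioc.ip", feed name in "ioc.source", index "feeds-*".
  if [dstip] {
    elasticsearch {
      hosts  => ["http://localhost:9200"]
      index  => "feeds-*"
      query  => "ioc.ip:%{[dstip]}"
      fields => { "ioc.source" => "[threat][feed]" }
    }
  }

  # Same lookup for the source IP (inbound traffic from a listed host),
  # skipped if the destination already matched.
  if [srcip] and ![threat][feed] {
    elasticsearch {
      hosts  => ["http://localhost:9200"]
      index  => "feeds-*"
      query  => "ioc.ip:%{[srcip]}"
      fields => { "ioc.source" => "[threat][feed]" }
    }
  }

  # "fields" is only copied when the query returned a hit, so the presence
  # of [threat][feed] is the match signal; tag the event for alerting.
  if [threat][feed] {
    mutate { add_tag => ["malicious_ip"] }
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "fortinet-%{+YYYY.MM.dd}"
  }
}
```

Keep your existing `input` block in front of this `filter` block; a failed lookup (cluster unreachable, bad query) adds the `_elasticsearch_lookup_failure` tag, which is worth watching so a silent outage is not mistaken for "no matches".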