Enrichment file for threat feeds in logstash

Hello,

I'm sending threat feeds to Elasticsearch from a Linux machine.
I created a feeds index pattern in Kibana.
Logstash receives Fortinet logs continuously.
I created a Fortinet index pattern in Kibana.

My goal is to detect in the Fortinet logs:
malicious IPs
malicious DNS
malicious urls
...

How can I enrich the Logstash configuration for malicious IP detection?
Could I get a sample configuration file?

You probably want to use this filter - https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html - as you ingest your logs.
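As an added illustration of that suggestion (not from the original reply, and not a configuration shipped by Elastic or Fortinet), here is a Logstash pipeline fragment that uses the elasticsearch filter to look each event's source IP and DNS query name up in the feeds index and tag the event on a hit. The field names are assumptions: the Fortinet events are assumed to be parsed into ECS-style `[source][ip]` and `[dns][question][name]`, and the feed documents are assumed to carry a keyword field `indicator` holding the IP, domain or URL plus `type` and `feed` fields and an `@timestamp`. The index name `feeds-*`, host, user and keystore variable are placeholders.

```conf
# Added example: enrichment of parsed Fortinet events against a threat-feed index.
# Drop this in a file that sorts AFTER the parsing file in the pipeline directory,
# because Logstash concatenates the files in lexical order and the lookups below
# need the parsed fields to exist.
filter {

  # --- Source IP lookup (assumed field [source][ip]) ---
  if [source][ip] {
    elasticsearch {
      hosts    => ["https://elasticsearch.example.internal:9200"]  # placeholder
      user     => "logstash_enrich"                                # least-privilege read-only role
      password => "${LOGSTASH_ENRICH_PASSWORD}"                    # from the Logstash keystore, not plaintext
      ssl      => true
      ca_file  => "/etc/logstash/certs/ca.crt"                     # recent releases also accept ssl_enabled / ssl_certificate_authorities
      index    => "feeds-*"                                        # assumed feeds index pattern
      # Query-string lookup; the value is quoted so dots in the IP are not parsed as operators.
      query    => 'indicator:"%{[source][ip]}"'
      # Default sort is @timestamp:desc; the feed docs are assumed to have that field.
      sort     => "@timestamp:desc"
      result_size => 1
      # Copy fields from the matching feed document into the event (assumed feed field names).
      fields   => {
        "indicator" => "[threat][enrichments][source_ip][indicator]"
        "type"      => "[threat][enrichments][source_ip][type]"
        "feed"      => "[threat][enrichments][source_ip][feed]"
      }
      # Set only on lookup errors (cluster unreachable, bad query), NOT on "no match".
      tag_on_failure => ["_feed_lookup_failure"]
    }
    # A miss simply leaves the target fields absent, so test for their presence.
    if [threat][enrichments][source_ip][indicator] {
      mutate { add_tag => ["malicious_source_ip"] }
    }
  }

  # --- DNS query name lookup (assumed field [dns][question][name]) ---
  if [dns][question][name] {
    elasticsearch {
      hosts    => ["https://elasticsearch.example.internal:9200"]
      user     => "logstash_enrich"
      password => "${LOGSTASH_ENRICH_PASSWORD}"
      ssl      => true
      ca_file  => "/etc/logstash/certs/ca.crt"
      index    => "feeds-*"
      query    => 'indicator:"%{[dns][question][name]}"'
      sort     => "@timestamp:desc"
      result_size => 1
      fields   => {
        "indicator" => "[threat][enrichments][dns][indicator]"
        "type"      => "[threat][enrichments][dns][type]"
        "feed"      => "[threat][enrichments][dns][feed]"
      }
      tag_on_failure => ["_feed_lookup_failure"]
    }
    if [threat][enrichments][dns][indicator] {
      mutate { add_tag => ["malicious_dns"] }
    }
  }
}
```

Two caveats a practitioner should weigh before running this in production. First, `query` is a query-string expression built from event data: an IP or hostname is safe to quote inline, but a URL field can contain `"`, `\` or other query-string syntax that breaks the lookup or widens the match, so for URLs prefer the filter's `query_template` option with a JSON `term` query on the keyword field instead of string interpolation. Second, each lookup is a synchronous round trip to Elasticsearch per event, which limits pipeline throughput on busy firewalls; for large feeds a `translate` filter with a periodically regenerated dictionary file, or the `memcached` filter, avoids that cost, and Kibana's indicator match detection rule can correlate the two indices at query time without touching the ingest pipeline at all.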

I am new to using Elastic.
I have already configured the parsing of Fortinet logs and dropped it in /etc/logstash/cond

I would now like an example of an enrichment configuration file that will detect malicious IPs, DNS names and URLs in the Fortinet logs in Kibana.
