Event Correlation Using ELK


I have installed and configured the whole ELK stack and I am also able to capture all the logs.

Now I need to correlate the logs coming from different sources (e.g. firewall, switches, syslog and operating systems) in order to identify which component is under attack or needs attention.

Is there any plugin, component or configuration available that can help me correlate the events?

For example: port scan identification, ping floods, SYN floods etc.

Any help would be appreciated.
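The three detections named in the question (port scan, ping flood, SYN flood) are all the same shape of correlation: group events by a key, count them inside a sliding time window, and alert when the count crosses a threshold. The block below is an added example written for this thread, not code from the original post or from Elastic; it runs that logic in plain Python over a few constructed, iptables-style firewall lines so the rule logic can be checked before it is expressed as an Elasticsearch terms/cardinality aggregation, a Watcher, or an Elastic SIEM threshold rule. The log format, field names (SRC, DST, DPT, flags) and all thresholds and window sizes are assumptions and need tuning to your own traffic.

```python
"""Sliding-window event correlation over firewall log lines.

Added example for the ELK correlation question; not code from the thread.
Log format, field names and thresholds are assumptions, not any vendor's.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed iptables-style line: "<iso-ts> kernel: IN=eth0 SRC=a DST=b PROTO=TCP SPT=n DPT=n SYN"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) kernel: IN=\S+ SRC=(?P<src>\S+) DST=(?P<dst>\S+) "
    r"PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
    r"(?P<flags>(?: [A-Z]{3})*)"
)


def parse(line):
    """Parse one line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["flags"] = set(ev["flags"].split())
    return ev


def windowed_hits(events, key_fn, value_fn, window, threshold, distinct):
    """Generic correlation step: for each key, slide `window` over its events
    and report the peak count (distinct values or raw events) if >= threshold.
    Returns {key: peak_count}."""
    buckets = defaultdict(list)
    for ev in events:
        key = key_fn(ev)
        if key is not None:
            buckets[key].append((ev["ts"], value_fn(ev)))
    alerts = {}
    for key, items in buckets.items():
        items.sort(key=lambda item: item[0])
        lo = 0
        for hi in range(len(items)):
            while items[hi][0] - items[lo][0] > window:  # drop events older than the window
                lo += 1
            values = [v for _, v in items[lo:hi + 1]]
            count = len(set(values)) if distinct else len(values)
            if count >= threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


def detect_port_scan(events, window=timedelta(seconds=10), min_ports=15):
    """One source touching many distinct TCP ports on one host (cardinality of DPT)."""
    return windowed_hits(
        events,
        key_fn=lambda e: (e["src"], e["dst"]) if e["proto"] == "TCP" and e["dpt"] else None,
        value_fn=lambda e: e["dpt"], window=window, threshold=min_ports, distinct=True)


def detect_syn_flood(events, window=timedelta(seconds=1), min_syn=50):
    """Many SYN-only packets to one destination port (sources may be spoofed, so count events)."""
    return windowed_hits(
        events,
        key_fn=lambda e: (e["dst"], e["dpt"]) if e["proto"] == "TCP" and e["flags"] == {"SYN"} else None,
        value_fn=lambda e: e["src"], window=window, threshold=min_syn, distinct=False)


def detect_ping_flood(events, window=timedelta(seconds=1), min_echo=30):
    """Many ICMP packets from one source to one host."""
    return windowed_hits(
        events,
        key_fn=lambda e: (e["src"], e["dst"]) if e["proto"] == "ICMP" else None,
        value_fn=lambda e: None, window=window, threshold=min_echo, distinct=False)


def correlate(lines):
    """Run every detector over raw lines; returns {detector_name: {key: peak_count}}."""
    events = [ev for ev in map(parse, lines) if ev is not None]
    return {"port_scan": detect_port_scan(events),
            "syn_flood": detect_syn_flood(events),
            "ping_flood": detect_ping_flood(events)}


def sample_lines():
    """Constructed sample traffic (assumption): one scanner, one SYN flood, one ping flood, some benign."""
    base = datetime(2020, 1, 1, 12, 0, 0)
    fmt = "{ts} kernel: IN=eth0 SRC={src} DST={dst} PROTO={proto}{rest}"
    lines = []
    for i in range(25):  # 10.0.0.5 probes 25 distinct ports on 192.0.2.10 within 5 s
        lines.append(fmt.format(ts=(base + timedelta(milliseconds=200 * i)).isoformat(), src="10.0.0.5",
                                dst="192.0.2.10", proto="TCP", rest=f" SPT=40000 DPT={1000 + i} SYN"))
    for i in range(60):  # 60 SYNs from spoofed sources to 192.0.2.20:443 within 0.6 s
        lines.append(fmt.format(ts=(base + timedelta(milliseconds=10 * i)).isoformat(),
                                src=f"198.51.100.{i % 250 + 1}", dst="192.0.2.20", proto="TCP",
                                rest=f" SPT={50000 + i} DPT=443 SYN"))
    for i in range(40):  # 40 ICMP packets from 10.0.0.7 to 192.0.2.30 within 0.8 s
        lines.append(fmt.format(ts=(base + timedelta(milliseconds=20 * i)).isoformat(), src="10.0.0.7",
                                dst="192.0.2.30", proto="ICMP", rest=""))
    for i in range(5):  # benign: one HTTPS connection per second from 10.0.0.9
        lines.append(fmt.format(ts=(base + timedelta(seconds=i)).isoformat(), src="10.0.0.9",
                                dst="192.0.2.10", proto="TCP", rest=f" SPT={50000 + i} DPT=443 SYN"))
    return lines


if __name__ == "__main__":
    for name, hits in correlate(sample_lines()).items():
        print(name, hits)
```

The same three rules map onto Elasticsearch directly: `detect_port_scan` is a `terms` aggregation on source and destination with a `cardinality` sub-aggregation on destination port inside a `date_histogram` bucket, while the two flood rules are plain document counts per key per bucket. Whichever way you run them, the thresholds above are starting points only; measure your own baseline (a vulnerability scanner or a monitoring host will trip the port-scan rule every day) and whitelist known sources before alerting.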


Sounds like a tease for Elastic's SIEM
