Event Correlation Using ELK


I have installed and configured the whole ELK stack and I am also able to capture all the logs.

Now I need to correlate the logs coming from different sources, e.g. firewall, switches, syslog and operating systems, in order to identify which component is under attack or needs attention.

Is there any plugin, component or configuration available that can help me correlate the events?

For example: port scan identification, ping floods, SYN floods, etc.

Any help would be appreciated.
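One way to express the kind of correlation the question asks for, as an added example that is not code from the original post or from Elastic: a small Python script that parses constructed iptables-style firewall lines, buckets them into fixed one-minute windows (the same grouping a `date_histogram` with `terms`/`cardinality` sub-aggregations gives you in Elasticsearch) and raises a port-scan alert when one source touches many distinct destination ports, or a SYN-flood alert when one destination receives many SYN packets in a window. The log format, field names, sensor hostnames and thresholds are assumptions chosen for the example.

```python
"""Threshold-based event correlation over firewall log lines.

Added example, not code from the original post or from Elastic. The iptables-like
line format, the sensor names (fw01/fw02) and the thresholds are assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Fields pulled out of a kernel/iptables style line (assumed format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) kernel: (?P<action>\w+) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\w+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?(?P<rest>.*)$"
)

WINDOW_SECONDS = 60        # fixed bucket size, like a 1m date_histogram
PORT_SCAN_THRESHOLD = 10   # distinct destination ports from one source per window
SYN_FLOOD_THRESHOLD = 100  # SYN packets towards one destination per window


def parse_line(line):
    """Return a dict of the fields we correlate on, or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {
        "ts": ts, "host": m["host"], "src": m["src"], "dst": m["dst"],
        "proto": m["proto"], "dpt": int(m["dpt"]) if m["dpt"] else None,
        # iptables prints TCP flags as bare tokens after the ports, e.g. "SYN URGP=0"
        "syn": "SYN" in m["rest"].split(),
    }


def correlate(lines):
    """Group events per window and emit alerts for the two rules."""
    ports_by_src = defaultdict(set)   # (bucket, src) -> distinct destination ports
    syn_by_dst = defaultdict(int)     # (bucket, dst) -> SYN count
    hosts_by_src = defaultdict(set)   # src -> sensors that reported it (cross-source view)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        bucket = int(ev["ts"].timestamp()) // WINDOW_SECONDS
        hosts_by_src[ev["src"]].add(ev["host"])
        if ev["proto"] == "TCP" and ev["dpt"] is not None:
            ports_by_src[(bucket, ev["src"])].add(ev["dpt"])
            if ev["syn"]:
                syn_by_dst[(bucket, ev["dst"])] += 1
    alerts = []
    for (bucket, src), ports in sorted(ports_by_src.items()):
        if len(ports) >= PORT_SCAN_THRESHOLD:
            alerts.append({"rule": "port_scan", "key": src, "count": len(ports),
                           "window_start": bucket * WINDOW_SECONDS,
                           "seen_by": sorted(hosts_by_src[src])})
    for (bucket, dst), n in sorted(syn_by_dst.items()):
        if n >= SYN_FLOOD_THRESHOLD:
            alerts.append({"rule": "syn_flood", "key": dst, "count": n,
                           "window_start": bucket * WINDOW_SECONDS})
    return alerts


def build_sample_logs():
    """Constructed sample traffic (documentation addresses, not real hosts)."""
    base = datetime(2024, 3, 1, 10, 0, 0, tzinfo=timezone.utc)
    fmt = lambda t: t.strftime("%Y-%m-%dT%H:%M:%SZ")
    lines = []
    # One source probing 15 ports on one host within a minute, seen by two sensors.
    for i in range(15):
        host = "fw01" if i % 2 == 0 else "fw02"
        lines.append(f"{fmt(base + timedelta(seconds=i))} {host} kernel: DROP IN=eth0 "
                     f"SRC=203.0.113.5 DST=192.0.2.10 LEN=60 PROTO=TCP SPT={40000 + i} "
                     f"DPT={20 + i} SYN URGP=0")
    # Normal activity: a client reaching two services, plus a couple of pings.
    for i, dpt in enumerate((443, 443, 80)):
        lines.append(f"{fmt(base + timedelta(seconds=30 + i))} fw01 kernel: ACCEPT IN=eth0 "
                     f"SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT={50000 + i} "
                     f"DPT={dpt} SYN URGP=0")
    lines.append(f"{fmt(base + timedelta(seconds=40))} fw01 kernel: ACCEPT IN=eth0 "
                 f"SRC=198.51.100.7 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0")
    # 120 SYNs to one web server from many sources inside the 10:05 window.
    flood = base + timedelta(minutes=5)
    for i in range(120):
        lines.append(f"{fmt(flood + timedelta(seconds=i // 2))} fw01 kernel: DROP IN=eth0 "
                     f"SRC=198.51.100.{100 + i % 50} DST=192.0.2.20 LEN=60 PROTO=TCP "
                     f"SPT={1024 + i} DPT=80 SYN URGP=0")
    lines.append("this line is not a firewall event and is skipped")
    return lines


if __name__ == "__main__":
    for alert in correlate(build_sample_logs()):
        print(alert)
```

Thresholds of this sort have to be tuned against a baseline of your own traffic, otherwise a vulnerability scanner or a busy NAT gateway trips the port-scan rule every minute. In a real deployment the regex is replaced by the fields Logstash or an ingest pipeline already extracted, and the per-window grouping becomes an aggregation query or alerting rule over those fields; the correlation logic itself stays the same.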


Sounds like a tease for Elastic's SIEM