Event Correlation Using ELK

AnshuPal · November 20, 2019, 8:11pm

Hello,

I have installed and configured all the ELK stack and i am also able to capture all the logs.

Now i need to correlate the logs coming from different sources ex. Firewall, switches, Syslog and Operating sytems In order to identify which component is under attack or need attention.

Is there any plugin, component or configuration available that can help me to correlate the events.

for example : port scan identify, ping floods, syn floods etc.

any help would be appreciated.

Thanks
Anshu

rugenl · November 21, 2019, 3:10am

Sounds like a tease for Elastic's SIEM

system · December 19, 2019, 3:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Event Correlation on ELK SIEM	3	7561	September 23, 2019
Getting event correlation of log data across different systems using elasticsearch Elasticsearch	1	1721	July 26, 2017
Event Correlation Elasticsearch	4	1000	January 26, 2021
Can we consolidate or correlate simliar incidents Elastic Security timelion	4	296	December 11, 2023
Totally new at ELK need a super fast start Elasticsearch	3	784	July 5, 2017

Event Correlation Using ELK

Related topics