Event Correlation

escrimaglia · December 19, 2020, 12:08am

Hi,

I’m testing ELK. So far it’s been very well sending logs from different platforms to elastic as well as indexing and creating views or graphs. My interest now is correlate event using all those logs entries. For example:

because I received so many interfaces resets, I would like elastic to tell me that there is an issue on that router.
or any security issue
or any custom rule: if an user is login in many different devices in a short period, then that user is doing some thing out of plan.

Wondering if there is some tool or module like this in elastic.

Thank you vary much

warkolm · December 29, 2020, 8:33pm

Welcome to our community!

You can run pattern analysis via the ML functionality, and there is the free SIEM that will help on the security front.

escrimaglia · December 29, 2020, 9:12pm

Thanks for your replay!!

what is ML functionality?. Besides, can you help me with some some info or documentation on Running pattern analysis?

br and thanks again

Ed

warkolm · December 29, 2020, 9:17pm

Check out https://www.elastic.co/elastic-stack/features#inference and the sections below it.

The ML docs are here - https://www.elastic.co/guide/en/machine-learning/current/index.html

system · January 26, 2021, 9:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Event Correlation Using ELK Elasticsearch	2	1419	December 19, 2019
Event Correlation on ELK SIEM	3	7561	September 23, 2019
SIEM Event correlation with Elasticsearch and Logstash Elasticsearch elastic-stack-security	4	4606	March 14, 2019
Event correlation in 7.7 SIEM elastic-stack-alerting	2	1493	June 18, 2020
ML \| Event Co-relation and Forecast Elasticsearch elastic-stack-machine-learning	5	512	October 30, 2018

Event Correlation

Related topics