Event Correlation

escrimaglia · December 19, 2020, 12:08am

Hi,

I’m testing ELK. So far it’s been very well sending logs from different platforms to elastic as well as indexing and creating views or graphs. My interest now is correlate event using all those logs entries. For example:

because I received so many interfaces resets, I would like elastic to tell me that there is an issue on that router.
or any security issue
or any custom rule: if an user is login in many different devices in a short period, then that user is doing some thing out of plan.

Wondering if there is some tool or module like this in elastic.

Thank you vary much

warkolm · December 29, 2020, 8:33pm

Welcome to our community!

You can run pattern analysis via the ML functionality, and there is the free SIEM that will help on the security front.

escrimaglia · December 29, 2020, 9:12pm

Thanks for your replay!!

what is ML functionality?. Besides, can you help me with some some info or documentation on Running pattern analysis?

br and thanks again

Ed

warkolm · December 29, 2020, 9:17pm

Check out https://www.elastic.co/elastic-stack/features#inference and the sections below it.

The ML docs are here - https://www.elastic.co/guide/en/machine-learning/current/index.html

system · January 26, 2021, 9:17pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.