Hey @adlp, welcome to discuss 
You would need to add an input with the path of the ModSecurity logs, look for example to the configuration in Filebeat to parse modsecurity json logs
In the same link you can see that parsing its contents can be a more complicated task.