We're looking at the ELK stack as a possible SIEM solution. We need to be able to be GPG13 compliant with the SIEM. Obviously, we can build these queries ourselves but it would be a lot of dev work for each PMC etc. I was wondering if anyone knew of any pre-built queries for GPG?
Obviously a SIEM won't cover all of them, as some of them aren't technical controls, but those that can, we need to cover with the SIEM that we decide to choose. So I was hoping there would be pre-made queries that we can add into Elasticsearch and then run reports on those queries, rather than "reinventing the wheel", as it were, and writing them ourselves if it turns out there are already some out there.