How to create a Security Rule (SIEM) for Custom Logs Integration

Hi Team,

I have set up the Custom Logs Integration and am able to create rules for Observability, but the rules are not working for the Security dashboard.

sample log

2023-07-26T08:05:25.661Z  ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController          : checkHealth() Returning health status

pattern

[
  {
    "dissect": {
      "field": "message",
      "pattern": "%{@timestamp}  %{log.level} %{number} --- [%{thread_name}] %{class} : %{message}"
    }
  },
  {
    "date": {
      "field": "@timestamp",
      "formats": [
        "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"
      ]
    }
  }
]

Is there any documentation, or can you guide me on what needs to be done?
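Before wiring a Security detection rule to these fields, it is worth confirming that the dissect pattern extracts what you expect from the sample line. The Python below is an added example, not code from the post or from Elastic: it re-implements a small subset of the dissect processor syntax (%{key}, %{?skip}, %{key->}) and runs the pattern above against the sample log; PATTERN_PADDED and the skip key name pad are my own suggestion for dropping the alignment spaces that the original pattern leaves inside class.

```python
"""Minimal re-implementation of Elasticsearch dissect syntax (added example),
used to check the post's pattern against its sample log line offline."""
import re
from typing import Optional

# Sample log line and pattern copied from the post (10 alignment spaces).
SAMPLE = ("2023-07-26T08:05:25.661Z  ERRO 1 --- [nio-8080-exec-3] "
          "c.i.c.b.c.HealthCheckController          : "
          "checkHealth() Returning health status")
PATTERN = ("%{@timestamp}  %{log.level} %{number} --- [%{thread_name}] "
           "%{class} : %{message}")
# Suggested variant (not from the post): the named skip key %{?pad} swallows
# the alignment spaces so 'class' carries no trailing whitespace.
PATTERN_PADDED = ("%{@timestamp}  %{log.level} %{number} --- "
                  "[%{thread_name}] %{class} %{?pad}: %{message}")

KEY_RE = re.compile(r"%\{([^}]*)\}")


def dissect(pattern: str, text: str) -> Optional[dict]:
    """Return the extracted fields, or None when the pattern does not match."""
    parts = KEY_RE.split(pattern)          # [lit, key, lit, key, ..., lit]
    literals, keys = parts[0::2], parts[1::2]
    if not text.startswith(literals[0]):   # leading literal must match
        return None
    pos = len(literals[0])
    out = {}
    for key, delim in zip(keys, literals[1:]):
        padded = key.endswith("->")        # right-padding modifier
        name = key[:-2] if padded else key
        if delim == "":                    # last key takes the rest of the line
            end = len(text)
        else:
            end = text.find(delim, pos)    # value runs up to the next delimiter
            if end < 0:
                return None
        value = text[pos:end]
        pos = end + len(delim)
        while padded and delim and text.startswith(delim, pos):
            pos += len(delim)              # skip repeated delimiters
        if name and not name.startswith("?"):   # drop empty and skip keys
            out[name] = value
    return out


if __name__ == "__main__":
    print(dissect(PATTERN, SAMPLE))
    print(dissect(PATTERN_PADDED, SAMPLE))
```

Compare the two class values: a keyword field that stores the trailing spaces will not match an exact-value query for the bare class name, which is the kind of silent miss that makes a detection rule appear not to fire.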
