How to create a Security Rule (SIEM) for Custom Logs Integration

Nishant_Chauhan · July 26, 2023, 3:51pm

Hi Team,

I have setup Custom Logs Integration and able to create rules for observability. but rules are not working for Security dashboard.

sample log

2023-07-26T08:05:25.661Z  ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController          : checkHealth() Returning health status

pattern

[
  {
    "dissect": {
      "field": "message",
      "pattern": "%{@timestamp}  %{log.level} %{number} --- [%{thread_name}] %{class} : %{message}"
    }
  },
  {
    "date": {
      "field": "@timestamp",
      "formats": [
        "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'"
      ]
    }
  }
]

Any documentation or if you can guide me what needs to be done.

system · August 23, 2023, 3:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Inserting Custom Logs Into Siem SIEM	1	298	September 1, 2023
Custom Rules not working SIEM elastic-stack-alerting	8	1468	January 13, 2021
Issue with rules creation SIEM detection-rules	15	1713	May 5, 2022
Threat Intel and SIEM SIEM	3	4109	December 15, 2020
Signal SIEM Detections using log files SIEM	5	429	May 23, 2020

How to create a Security Rule (SIEM) for Custom Logs Integration

Related Topics