filebeat ship all the logs to elasticsearch , in kibana i can able to see, but where can apply converted sigma rules? i am new to elk, please help.
If you want to index individual fields you have basically 2 options:
- Send your data trough filebeat in json format.
- Send your data from filebeat to logstash and write filters for your data and send it to Elasticsearch
There will be other methods but those are the most basic as the come.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.