I want to enable the map which is present in SIEM app

Vishnu_mk · December 9, 2019, 6:06am

Hi ,
I am having Elasticsearch version 7.4, and in the SIEM app network section I want to enable the map present. I want to enable it through my own index , so i am doing ECS mapping of my index field

but when i convert my client_ip to geoip field using geoip filter, field corresponding to geoip gets created . I want my client_ip filed to be coverted to 'source.geo.location'
field since the 'MAP' in SIEM APP gets generated through this field.

system · January 6, 2020, 6:06am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to map already fields in a index to ECS fields in elasticsearch Elasticsearch	8	642	December 26, 2019
Mapping Internal Network for SIEM Network Map - Not showing Beats filebeat	3	369	October 7, 2020
Kibana SIEM application is not displaying proper AS and GeoIP fields SIEM	1	298	April 14, 2020
Maps are not showing data if logstash is used Logstash maps	13	1016	June 23, 2020
Configuring GeoIP information in Logstash for Kibana SIEM Network Map Logstash	1	284	May 13, 2020

I want to enable the map which is present in SIEM app

Related topics