In "Ingest data to Elastic Security" (Elastic Security Solution [8.1]), it is mentioned that data can be ingested to Elastic Security using third-party collectors configured to ship ECS-compliant data.
What could be the best approach to directly send data to an Elastic Security SIEM using an AWS Lambda instance? Would this process be an option?
- Use a cloud API/API keys for authentication
- Wrap ECS fields in a format used by Logstash
- Send the wrapped fields to an Elastic Endpoint Security instance
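
The steps listed above, sketched as an added example that is not part of the original post or of Elastic's documentation: a Lambda handler that maps records to ECS documents and ships them with API-key authentication. It assumes the destination is the Elasticsearch `_bulk` API rather than Logstash; the data stream name, the environment variable names and the input record shape are hypothetical.

```python
import base64, json, os, urllib.request
from datetime import datetime, timezone

ECS_VERSION = "8.1.0"                        # assumption: ECS version declared in each doc
DATA_STREAM = "logs-lambda.custom-default"   # hypothetical name, chosen to match logs-*

def to_ecs(record):
    """Map one source record (constructed shape) to an ECS-shaped document."""
    ts = datetime.fromtimestamp(record["ts"], tz=timezone.utc)
    return {
        "@timestamp": ts.isoformat().replace("+00:00", "Z"),
        "ecs": {"version": ECS_VERSION},
        "event": {"kind": "event", "category": ["authentication"],
                  "outcome": record["outcome"], "dataset": "lambda.custom"},
        "source": {"ip": record["src"]},
        "user": {"name": record["user"]},
        "cloud": {"provider": "aws"},
        "message": record["msg"],
    }

def build_bulk_body(docs):
    """NDJSON for _bulk: an action line plus a source line per doc, newline-terminated."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"create": {"_index": DATA_STREAM}}))  # data streams need "create"
        lines.append(json.dumps(doc))
    return ("\n".join(lines) + "\n").encode()

def auth_headers(key_id, api_key):
    """Elasticsearch API-key auth: 'ApiKey ' + base64(id:api_key)."""
    token = base64.b64encode(f"{key_id}:{api_key}".encode()).decode()
    return {"Authorization": f"ApiKey {token}", "Content-Type": "application/x-ndjson"}

def handler(event, context):
    """Lambda entry point; ES_URL, ES_KEY_ID and ES_API_KEY are hypothetical env vars."""
    body = build_bulk_body([to_ecs(r) for r in event["records"]])
    req = urllib.request.Request(
        os.environ["ES_URL"].rstrip("/") + "/_bulk", data=body, method="POST",
        headers=auth_headers(os.environ["ES_KEY_ID"], os.environ["ES_API_KEY"]))
    with urllib.request.urlopen(req, timeout=10) as resp:
        result = json.load(resp)
    if result.get("errors"):                 # _bulk returns HTTP 200 even when items fail
        raise RuntimeError("bulk request reported item errors")
    return {"indexed": len(result["items"])}

# Constructed sample input (documentation IP range), not real data.
SAMPLE = {"records": [{"ts": 1650000000, "src": "203.0.113.10", "user": "alice",
                       "outcome": "failure", "msg": "login failed"}]}
```

Keeping the API key in a secrets store and scoping it to write-only privileges on the target data stream limits the impact if the function's configuration is exposed.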