Ingest data to Elastic Security using third-party collectors configured to ship ECS-compliant data

Hi,
In "Ingest data to Elastic Security | Elastic Security Solution [8.1] | Elastic", it is mentioned that data can be ingested to Elastic Security using third-party collectors configured to ship ECS-compliant data.
What could be the best approach to directly send data to an Elastic Security SIEM using an AWS Lambda instance? Would this process be an option?

  • Use a cloud API/API keys for authentication
  • Wrap ECS fields in a format used by Logstash
  • Send the wrapped fields to an Elastic Endpoint Security instance

Kind regards,

Moacir
