I am working on ELK currently, using the Apache httpd web server as a sample. I'm trying to match/correlate my apache access logs with signatures ( https://gist.github.com/xsscx/530fa25964f94e74d7c1 ). Can anyone help me figure out the approach to correlate access logs with the threat feed/signatures.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.