Hi Folks
I configured elasticsearch and kibana for visualizate event from wazuh, now i want see this event into the module siem.
best regards
Hi Folks
I configured elasticsearch and kibana for visualizate event from wazuh, now i want see this event into the module siem.
best regards
Wazuh is completely unrelated to this forum. Wazuh events is created for their Wazuh Kibana App. If you want to use Elastic SIEM then you should ditch Wazuh, trying to use use both is counterintuitive.
If you want this, then you need to request this feature New Issue · elastic/ecs (github.com) , but high unlikely, due to Wazuh being almost a SIEM by itself.
The only thing I could think of is adding Wazuh agents and filebeat agents to each host, but that would be too much work for processing.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.