Has anyone had any success setting up Logstash to output directly to a LogRhythm SIEM?
If so, can you provide some information as to the types of outputs you used for:
HTTP(S) - I'm currently using packetbeat
DNS - I'm currently using packetbeat
Windows Events - I'm currently using winbeat
My output today is currently syslog, but when I look at the logs on the SIEM they're not complete.
On another note, does anyone know of any consulting companies out there that do this type of custom work? SIEM architecture/deployments involving Logstash and a commercial SIEM?
Thanks in advance.
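An added example, not the poster's configuration, showing the one syslog-output setting that most often produces "incomplete" events at the SIEM. The Logstash syslog output's `message` option defaults to `%{message}`, so by default only the event's `message` field is written into the syslog line; Packetbeat and Winlogbeat events carry most of their data in other fields (HTTP, DNS and Windows event fields), so the collector receives a near-empty line. Encoding the whole event as JSON sends every field. The hostname `logrhythm.example.internal`, the port, and the Beats listener port are assumptions for the example.

```logstash
# Added example, not the original poster's pipeline.
# Assumes: Beats ship into Logstash on TCP/5044, and a LogRhythm syslog
# collector (hypothetical host "logrhythm.example.internal") listens on TCP/514.

input {
  beats {
    port => 5044
  }
}

output {
  syslog {
    host     => "logrhythm.example.internal"   # assumption: LogRhythm syslog collector
    port     => 514
    protocol => "tcp"            # JSON events exceed what a single UDP datagram safely carries
    rfc      => "rfc5424"        # header with full ISO timestamp instead of the RFC3164 short form
    facility => "user-level"
    severity => "informational"
    appname  => "logstash"
    # Without this line the plugin sends only "%{message}", which is empty or
    # missing for most Packetbeat/Winlogbeat events. The json codec serialises
    # the entire event, so every field reaches the SIEM.
    codec    => json
  }
}
```

Before blaming the SIEM's parser, confirm what actually leaves Logstash: temporarily point `host` at a machine running a plain TCP listener (for example `nc -lk 514`) and compare the received line with the event as Logstash sees it (`output { stdout { codec => rubydebug } }`). If the listener shows the full JSON but LogRhythm still shows a partial event, the remaining problem is on the collector's parsing side rather than in the output.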