MISP data in elasticsearch (filebeat)

zuzusa · July 23, 2021, 2:00pm

Hi together,

I am currently using a MISP in combination with elasticsearch. My goal is to have all events from the MISP also within elasticsearch.

Currently the import of the MISP events to the elasticsearch is done via a filebeat (modules.d/misp). Generally the transfer of the MISP events seems to work well.

However, there is one problem: It seems that the filebeat does not transfer the historical events (the ones that were already present in the MISP before the start). So only events that run into the MISP when the filebeat is active are transferred.

Is there a possibility to transfer all data from the MISP?

Thanks,

ChrsMark · July 26, 2021, 11:23am

Hi!

I don't see any configuration setting that could provide that option. Could you open a GH issue for this enhancement request so as to have the team evaluate this feature?

C.

system · August 23, 2021, 11:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.