MISP data in elasticsearch (filebeat)

zuzusa · July 23, 2021, 2:00pm

Hi together,

I am currently using a MISP in combination with elasticsearch. My goal is to have all events from the MISP also within elasticsearch.

Currently the import of the MISP events to the elasticsearch is done via a filebeat (modules.d/misp). Generally the transfer of the MISP events seems to work well.

However, there is one problem: It seems that the filebeat does not transfer the historical events (the ones that were already present in the MISP before the start). So only events that run into the MISP when the filebeat is active are transferred.

Is there a possibility to transfer all data from the MISP?

Thanks,

ChrsMark · July 26, 2021, 11:23am

Hi!

I don't see any configuration setting that could provide that option. Could you open a GH issue for this enhancement request so as to have the team evaluate this feature?

C.

system · August 23, 2021, 11:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat MISP module refresh Beats beats-module , filebeat	12	892	January 6, 2021
MISP objects cannot be stored in Elastic & Kibana Beats filebeat	1	250	October 7, 2021
Filebeats to Elasticsearch directly? Beats filebeat	2	299	September 5, 2019
Filebeat: MISP automation Beats filebeat	1	224	April 4, 2022
Understanding PacketBeat transfer data Beats	3	733	July 5, 2017

MISP data in elasticsearch (filebeat)

Related topics