Netflow and IIS with Elastic

Hi there,

I am new here and would like to clear some confusion. I would like to implement Netflow and IIS module (to capture IIS logs). Are those modules free and how can I implement them? Do I need ELK or SIEM for that? I am not looking for cloud or anything paid.

Please attach some documentation to install those and how they work.

Kind regards,
Sharjeel

P.S. I am really sorry if I am creating my first thread in the wrong category, please move it to the appropriate category. Thanks!

Hi @Sharjeel

The IIS and Netflow modules are modules included in Filebeat. Please consult the Filebeat documentation here. It is easy to set up Filebeat and enable the modules in a test environment. In production you need to configure security, e.g. protect your data transfer to Elasticsearch with TLS.

You need to collect the Filebeat data with Elasticsearch and analyse it with Kibana. Depending on your use case you may choose a free or a paid version of ELK.

I would recommend you to take a closer look at the Elastic Cloud offer. For sure it is a paid service, but you get a lot of value, since you can concentrate on using your data instead of managing an ELK node/cluster.

Best regards
@fgjensen
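
The setup described in the reply above, as an added example that is not part of the original post or of Elastic's documentation: a single `filebeat.yml` that enables the IIS and Netflow modules and ships to Elasticsearch over verified TLS. The host name, log paths, listen address and port, user name, keystore key and CA file path are placeholder assumptions to replace with your own values.

```yaml
# filebeat.yml (constructed example; all values below are placeholders)

filebeat.modules:
  # IIS module: parses IIS access and HTTPERR error logs
  - module: iis
    access:
      enabled: true
      # Assumed log location; adjust to where your sites write logs
      var.paths: ["C:/inetpub/logs/LogFiles/*/*.log"]
    error:
      enabled: true
      var.paths: ["C:/Windows/System32/LogFiles/HTTPERR/*.log"]

  # Netflow module: listens on UDP for flow records from routers/switches
  - module: netflow
    log:
      enabled: true
      var:
        # Bind to the interface the exporters can reach, not more than needed
        netflow_host: 0.0.0.0
        netflow_port: 2055

output.elasticsearch:
  # https:// so that events and credentials are encrypted in transit
  hosts: ["https://elasticsearch.example.internal:9200"]
  username: "filebeat_writer"
  # Resolved from the Filebeat keystore instead of being stored in clear text
  password: "${ES_PWD}"
  ssl:
    # CA that signed the Elasticsearch node certificate
    certificate_authorities: ["C:/ProgramData/filebeat/certs/ca.crt"]
    # "full" checks both the certificate chain and the host name.
    # "none" turns verification off and should stay out of production.
    verification_mode: full
```

`filebeat test config` and `filebeat test output` check the file and the TLS connection to Elasticsearch before the service is started.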

Hello @fgjensen !

Thank you for your reply and for guiding me through. Could you please help me with the dashboard setup? It is really frustrating when it comes to setting up the dashboard. Please attach a guide if there is any.

Also, I have installed ELK but it says "License is not available." I installed the free one.

Kind regards,
Sharjeel
