Hey all - I learned of ELK recently while attending a SANS Institute webinar. It was mentioned in passing by the sponsor of the webcast, which was devoted to building a threat intelligence system from scratch.
So I'm investigating, but there is a lot of info, and I'm not sure where to start.
Basically our situation is that we monitor a high volume of managed firewalls. Part of that is to watch IPS, Anti-Virus, and Informational alerts that come to our team via email, all day, all night. We rotate shifts of people who are responsible for monitoring the mailbox, but also for pulling data out of those alerts when we notice patterns, trends, IoCs - things of concern. But we're currently just logging this information into a complex spreadsheet.
So that's our use case - any suggestions? Any direction on where a good place to start is?
Cheers