I am trying to ingest some custom security event data (for which there is no Elastic integration) into Elastic SIEM. Looking at this chart:
it seems the only way to do so is via Elastic Agent.
However I can't install Elastic Agent and I am looking for ways to publish the event to Elastic SIEM using the REST APIs provided by Elastic (say something like curl -X POST <elastic_url>/_bulk?pretty ). Is this possible?
Or are there any alternative recommended ways to post security events to Elastic SIEM.
Certainly it's possible to write documents directly to Elasticsearch. You'll need to create an API key in the stack and attach it as an HTTP header with each request.
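A worked version of that answer, added here as an example and not code from the answerer or from Elastic: it builds the NDJSON body `_bulk` expects, sends it with an `Authorization: ApiKey` header, and checks the per-item results. The cluster URL, key id/secret and the `logs-custom.events-default` index name are constructed placeholders; the index is assumed to be a `logs-*` data stream, which is why the action is `create` and `@timestamp` is required.

```python
import base64
import json
import urllib.request
from typing import Iterable

# Constructed placeholders; replace with your cluster URL and the id/api_key
# pair shown once when the key is created in Kibana (Stack Management > API keys).
ELASTIC_URL = "https://elastic.example.invalid:9200"
API_KEY_ID = "example-key-id"
API_KEY_SECRET = "example-key-secret"

def api_key_header(key_id: str, key_secret: str) -> str:
    """Authorization value: 'ApiKey ' + base64(id:api_key)."""
    token = base64.b64encode(f"{key_id}:{key_secret}".encode()).decode()
    return f"ApiKey {token}"

def build_bulk_body(events: Iterable[dict], index: str) -> str:
    """NDJSON for _bulk: an action line followed by a document line per event.
    'create' (not 'index') because logs-* indices are data streams."""
    lines = []
    for event in events:
        if "@timestamp" not in event:
            raise ValueError("data stream documents require @timestamp")
        lines.append(json.dumps({"create": {"_index": index}}))
        lines.append(json.dumps(event))
    return "\n".join(lines) + "\n"  # _bulk requires a trailing newline

def failed_items(bulk_response: dict) -> list:
    """_bulk returns HTTP 200 even when individual documents are rejected,
    so inspect every item and collect those carrying an 'error' object."""
    failures = []
    for item in bulk_response.get("items", []):
        action = next(iter(item.values()))  # {"create": {...}}
        if "error" in action:
            failures.append(action["error"])
    return failures

def post_bulk(url: str, body: str, auth_header: str) -> dict:
    req = urllib.request.Request(
        f"{url}/_bulk", data=body.encode(), method="POST",
        headers={"Authorization": auth_header,
                 "Content-Type": "application/x-ndjson"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

if __name__ == "__main__":
    # Constructed sample event using ECS field names so Elastic Security can use it.
    sample = [{"@timestamp": "2024-01-01T00:00:00Z", "user": {"name": "alice"},
               "source": {"ip": "203.0.113.5"},
               "event": {"kind": "event", "category": ["authentication"],
                         "action": "login-failed", "outcome": "failure"}}]
    body = build_bulk_body(sample, "logs-custom.events-default")
    resp = post_bulk(ELASTIC_URL, body, api_key_header(API_KEY_ID, API_KEY_SECRET))
    print(failed_items(resp) or "all events accepted")
```

The key only needs write privileges on the target index pattern; a key scoped that narrowly limits what a leaked credential can do.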
@lesio Thanks for your input, I will try it out. Since the data ingestion page didn't list the Elastic API as one of the possible modes for ingestion, I was a bit unsure.