Publish data to Elastic SIEM

sateeshkumarb · July 8, 2024, 9:30am

Hi,

I am trying to ingest some custom security event data (for which there is no Elastic integration) into Elastic SIEM. Looking at this chart:

it seems only way to do so is via Elastic agent.

However I can't install Elastic Agent and I am looking for a ways to publish the event to Elastic SIEM using the REST APIs provided by Elastic (say something like curl -X POST <elastic_url>/_bulk?pretty ). Is this possible ?
Or are there any alternative recommended ways to post security events to Elastic SIEM.

Any inputs are appreciated.

Thanks in advance,
sateesh

lesio · July 8, 2024, 2:18pm

Certainly it's possible to write documents directly to Elasticsearch. You'll need to create API key in the stack to attach it as http header with each request.

Create API key API | Elasticsearch Guide [8.14] | Elastic

sateeshkumarb · July 8, 2024, 5:56pm

@lesio Thanks for your input, I will try it out. Since the data ingestion page didn't list Elastic APl as one of the possible modes for ingestion, I was bit unsure.

Thanks,
sateesh

Topic		Replies	Views
Ingest data to Elastic Security using third-party collectors configured to ship ECS-compliant data Elastic Security	1	235	May 20, 2022
Send Index Data (data) from Elasticsearch to External Server SIEM Elasticsearch	1	401	March 19, 2018
How can i send logs from Elastic to another SIEM? Logs	8	1710	August 23, 2023
Elastic SIEM - Adding more data SIEM	2	862	January 14, 2020
[Custom API] Integration via GUI SIEM	1	33	February 20, 2026

Publish data to Elastic SIEM

Related topics