Publish data to Elastic SIEM

sateeshkumarb · July 8, 2024, 9:30am

Hi,

I am trying to ingest some custom security event data (for which there is no Elastic integration) into Elastic SIEM. Looking at this chart:

it seems only way to do so is via Elastic agent.

However I can't install Elastic Agent and I am looking for a ways to publish the event to Elastic SIEM using the REST APIs provided by Elastic (say something like curl -X POST <elastic_url>/_bulk?pretty ). Is this possible ?
Or are there any alternative recommended ways to post security events to Elastic SIEM.

Any inputs are appreciated.

Thanks in advance,
sateesh

sateeshkumarb · July 8, 2024, 9:38am

From Endpoint Security to SIEM

lesio · July 8, 2024, 2:18pm

Certainly it's possible to write documents directly to Elasticsearch. You'll need to create API key in the stack to attach it as http header with each request.

Create API key API | Elasticsearch Guide [8.14] | Elastic

sateeshkumarb · July 8, 2024, 5:56pm

@lesio Thanks for your input, I will try it out. Since the data ingestion page didn't list Elastic APl as one of the possible modes for ingestion, I was bit unsure.

Thanks,
sateesh

system · August 5, 2024, 5:57pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ingest data to Elastic Security using third-party collectors configured to ship ECS-compliant data Elastic Security	1	222	May 20, 2022
Linux and Windows events ingestion Elastic Security	2	23	October 21, 2024
Possible to have elastic security read existing data/index? Elastic Security	8	348	August 31, 2021
Extraction Elastic SIEM security events SIEM	6	992	December 16, 2020
Integrate Events into Elastic SIEM SIEM	5	1149	April 19, 2020

Publish data to Elastic SIEM

Related Topics