We have a QRadar SIEM which we plan to extend to Elastic for threat hunting (log forwarding from QRadar to Elastic).
Has anyone found any success with it? Any known shortcomings/pitfalls from the setup?
QRadar can forward logs without any problem; you just need to choose how to forward them.
I do not use QRadar anymore, but I would recommend that you forward already in JSON to Logstash; it will give you less work if you need or want to transform your data before sending it to Elasticsearch.
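An added example of the Logstash side of that setup (not from this thread or from Elastic's own documentation): a pipeline that accepts newline-delimited JSON from QRadar over TCP, normalises a couple of fields, and keeps events that fail JSON parsing in a separate index instead of silently losing them. The port, the source field names and the index names are assumptions.

```conf
# Assumption: QRadar is configured to send one JSON object per line over TCP
# to port 5140 (constructed value; pick whatever port your forwarding rule uses).
input {
  tcp {
    port  => 5140
    codec => json_lines
    type  => "qradar"
  }
}

filter {
  # Only touch events that actually parsed; malformed lines carry the
  # _jsonparsefailure tag and are routed to their own index below.
  if "_jsonparsefailure" not in [tags] {
    # Field names on the left are assumptions, not QRadar's real schema.
    mutate {
      rename => {
        "src_ip" => "[source][ip]"
        "dst_ip" => "[destination][ip]"
      }
    }
    # Assumes QRadar sends the event time as epoch milliseconds.
    date {
      match  => ["event_time", "UNIX_MS"]
      target => "@timestamp"
    }
  }
}

output {
  if "_jsonparsefailure" in [tags] {
    # Parse failures land in a dead-letter index so gaps in hunting data are visible.
    elasticsearch {
      hosts    => ["https://elasticsearch.example.internal:9200"]
      index    => "qradar-parse-failures-%{+YYYY.MM.dd}"
      user     => "${ES_USER}"
      password => "${ES_PASSWORD}"
    }
  } else {
    elasticsearch {
      hosts    => ["https://elasticsearch.example.internal:9200"]
      index    => "qradar-%{+YYYY.MM.dd}"
      user     => "${ES_USER}"
      password => "${ES_PASSWORD}"
    }
  }
}
```

Credentials are read from environment variables rather than written into the pipeline file, and TLS certificate verification is left at its default (enabled).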
Thank you for your comment.
Yes, that is exactly what I want, but I don't know how I can do this.
Welcome to our community!
Please don't add unrelated tags to your topics in future.