I have configured the ELK stack in my environment and it is working perfectly. I am able to get the reports and syslogs from all the devices on the Kibana interface. I also have a McAfee SIEM solution configured in my environment for monitoring some other devices.
My requirement is to send all the syslogs and reports from all devices that I can see on Kibana to the McAfee SIEM as well, so that I can monitor all the logs from the McAfee SIEM.
How are you ingesting logs into Elasticsearch?
Beats, Logstash or your own solution?
If you are already using Logstash, then add another output, which could be syslog if your McAfee product supports it, and it should work.
Of course, there are no guarantees how the SIEM will parse the data.
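As an added illustration of the dual-output approach described in this answer (not code from the thread or from Elastic), here is a Logstash pipeline that keeps the existing Elasticsearch output and adds a syslog output pointed at the SIEM receiver. The host names, ports, certificate path, keystore variable and the Beats-style `[host][name]` field are assumptions for your environment.

```conf
# Added example: Beats in, Elasticsearch and SIEM syslog out.
# All hosts, ports and paths below are placeholders.
input {
  beats {
    port => 5044
  }
}

output {
  # Existing destination: the index you already browse in Kibana.
  elasticsearch {
    hosts => ["https://elasticsearch.example.internal:9200"]
    index => "logs-%{+YYYY.MM.dd}"
    user => "logstash_writer"
    password => "${LOGSTASH_ES_PASSWORD}"   # from the Logstash keystore, not a literal
  }

  # Added destination: forward every event to the SIEM as RFC 5424 syslog.
  # TLS over TCP is used instead of plain UDP so events are not silently
  # dropped and log content is not readable on the wire.
  syslog {
    host => "siem-receiver.example.internal"   # placeholder SIEM receiver
    port => 6514                               # placeholder, syslog-over-TLS
    protocol => "ssl-tcp"
    ssl_cacert => "/etc/logstash/certs/siem-ca.crt"
    ssl_verify => true
    rfc => "rfc5424"
    facility => "local0"
    severity => "informational"
    appname => "elk-forwarder"
    sourcehost => "%{[host][name]}"            # assumes Beats-style host field
    message => "%{message}"
  }
}
```

If the SIEM receiver is unreachable the syslog output retries and blocks the whole pipeline, so enable a persistent queue (`queue.type: persistent` in logstash.yml) so that Elasticsearch delivery is not lost while the SIEM is down.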