I am trying out Elastic SIEM 7.7 with Auditbeat 7.7 on Red Hat 7.6 and I have a few questions.
Is SIEM data available only when I set the Auditbeat output to Elasticsearch? I tried output to logstash->elasticsearch, and the stats are available in the discovery dashboard but not in the SIEM dashboards.
Can I send Auditbeat output to both Elasticsearch and Logstash? It seems I can't do that.
When I send Auditbeat data to the Elasticsearch output, how do I customise the index name? I tried setting "index", "setup.template.name" and "setup.template.pattern" in auditbeat.yml but it does not seem to work. Must I have an existing index template with the same name?
Thanks a million...