I am just trying to get some custom data into SIEM using Logstash reading a CSV file. I have no trouble getting the data into Elasticsearch but it does not show up in the SIEM dashboard, even after I add the index under the default index for SIEM.
I think where I am going wrong is my data is not being mapped to the ECS. How would I go about mapping data to the ECS using Logstash and reading in a CSV file?
I've been trying to track down a solid list of fields that the SIEM host and Network modules want, and haven't been able to. I have a good list of partials I've managed to extract from putting some data in with Filebeat, but it's far from complete. I'm sure there's a good list buried somewhere in the Kibana source, but I haven't been able to find it.
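A Logstash pipeline that reads a CSV file and renames its columns to ECS field names, as an added example that is not part of either post. The CSV column names, file path, Elasticsearch host and index name are assumptions; the ECS field names (source.ip, destination.ip, network.transport, event.action, event.category, host.name) are the ones the SIEM host and network pages query.

```conf
# Added example (not from the original posts). Assumes a constructed CSV with the
# columns: ts,src_ip,src_port,dst_ip,dst_port,proto,action,hostname
input {
  file {
    path => "/var/log/custom/connections.csv"   # assumed path
    start_position => "beginning"
    sincedb_path => "/dev/null"                 # re-read from the start on every run (testing only)
  }
}
filter {
  csv {
    columns => ["ts", "src_ip", "src_port", "dst_ip", "dst_port", "proto", "action", "hostname"]
    skip_header => true
    convert => { "src_port" => "integer" "dst_port" => "integer" }
  }
  # Parse the CSV timestamp into @timestamp, which the SIEM timeline sorts on
  date {
    match => ["ts", "ISO8601"]
    target => "@timestamp"
    remove_field => ["ts"]
  }
  mutate {
    # Rename CSV columns to their ECS field names (nested via [a][b] syntax)
    rename => {
      "src_ip"   => "[source][ip]"
      "src_port" => "[source][port]"
      "dst_ip"   => "[destination][ip]"
      "dst_port" => "[destination][port]"
      "proto"    => "[network][transport]"
      "action"   => "[event][action]"
      "hostname" => "[host][name]"
    }
    lowercase => ["[network][transport]"]       # ECS expects lowercase, e.g. "tcp"
    # Categorization fields the SIEM host/network pages filter on
    add_field => {
      "[ecs][version]"    => "1.5.0"            # ECS version the mapping follows (assumed)
      "[event][kind]"     => "event"
      "[event][category]" => "network"
      "[event][type]"     => "connection"
      "[event][dataset]"  => "custom.connections"
    }
    remove_field => ["message"]                 # drop the raw CSV line
  }
}
output {
  elasticsearch {
    hosts => ["http://localhost:9200"]          # assumed
    index => "logs-custom.connections-%{+YYYY.MM.dd}"   # must match a pattern in the SIEM default index setting
  }
}
```

Renaming alone is not enough if the index is created by dynamic mapping: source.ip and destination.ip must be mapped as the `ip` type (for example via an ECS index template), otherwise they land as text/keyword and the SIEM network views cannot query them.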