SIEM Network Map Errors

The error on the map is "The Source Point and Destination Point no results found"

and

SIEM-Network-Flows: Autonomous system, Bytes in, Bytes out....no items displayed

Discover error-firewall logs

Hi @Lin2020

You have to make sure the fields of your logs are mapped correctly to the ECS schema with the right mapping.

Here is the reference to the source & destination fields of the ECS schema.

You can use the Logstash geoip filter to add ASN info about the src/dst IPs.
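
A Logstash filter along the lines of the reply above, added here as an example and not posted by either participant. The incoming field names `src_ip`, `dst_ip`, `bytes_sent` and `bytes_received` are hypothetical stand-ins for whatever the firewall parser produces, and the choice of ECS target fields (geo location for the map, AS and bytes for the flow tables) is an assumption based on the errors quoted in the question.

```logstash
filter {
  # Rename the parser's fields (hypothetical names) to their ECS equivalents.
  mutate {
    rename => {
      "src_ip"         => "[source][ip]"
      "dst_ip"         => "[destination][ip]"
      "bytes_sent"     => "[source][bytes]"
      "bytes_received" => "[destination][bytes]"
    }
  }
  # Byte counters must be numeric, not strings, to be aggregated.
  mutate {
    convert => {
      "[source][bytes]"      => "integer"
      "[destination][bytes]" => "integer"
    }
  }

  # City database lookup: writes [source][geo][location] and related fields.
  geoip {
    source                => "[source][ip]"
    target                => "[source]"
    default_database_type => "City"
    ecs_compatibility     => "v1"
  }
  # ASN database lookup: writes [source][as][number] and
  # [source][as][organization][name].
  geoip {
    source                => "[source][ip]"
    target                => "[source]"
    default_database_type => "ASN"
    ecs_compatibility     => "v1"
  }

  # Same two lookups for the destination side.
  geoip {
    source                => "[destination][ip]"
    target                => "[destination]"
    default_database_type => "City"
    ecs_compatibility     => "v1"
  }
  geoip {
    source                => "[destination][ip]"
    target                => "[destination]"
    default_database_type => "ASN"
    ecs_compatibility     => "v1"
  }
}
```

Private (RFC 1918) addresses are not in the GeoIP databases, so those events are tagged `_geoip_lookup_failure` and get no geo or AS fields. The index template also has to map `source.geo.location` and `destination.geo.location` as `geo_point`, as the ECS mappings do.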
