Specific steps to build monitoring and siem with elk

Hi
I'm kinda new to whole siem and elk things and before i managed to setup monitoring with splunk
cracked enterprise edition and there all was simple as forwarding data from netflow ,syslog ,snmp
and defining new field then manipulate date with some functions and making dashboard
BUT
it's been a week that I'm consulting elk and wazuh to receive syslog and netflow from pfsense to initiate setup and what i found some nonsense articles that point me to make filter and rules ....(idk)
what i wanna do is to forward pfsense log and netflow ,cisco devices log and snmp ,windows server and client and linux servers suricata logs to elk (and wazuh )to make custom and predefined dashboards for monitoring
would you plz explain me step to take for setup?
TNX :slightly_smiling_face:

or at least point me somewhere to learn more...

I'd look at some of the free trainings we have:

Are you using Wazuh? Because Wazuh uses "Open Distro for Elasticsearch" so you should look for that community.

WAZUH

Open Distro for Elasticsearch

I have made some blogs posts that could help you :laughing: - https://songer.pro

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.