Suricata-IDS and ELK

hack3rcon · October 12, 2020, 8:04am

Hello,
I have a Suricata-IDS server and I want to see the logs by ELK. I don't like to install the ELK package on my Suricata-IDS server. I want to know is "Beats" enough for my Suricata-IDS server? How can I harden "Betas"?

Thank you.

borna_talebi · October 12, 2020, 8:09am

Hi,

What do you mean by enough? I'm using it for my own Suricata-IDS and it works pretty good.

You could use SSL and Keystore so you don't have to save sensitive information in plain text.

hack3rcon · October 12, 2020, 2:30pm

As I said, I don't like to install any extra packages on Suricata-IDS server. Is "Beats" enough for sending logs to ELK on another server?

borna_talebi · October 12, 2020, 5:15pm

Sending logs to ELK on another server is what beats are made to do and they're doing it great! so yes they would be enough and you don't need to install any extra packages.

Topic		Replies	Views
Filebeat and ELK stack question Elasticsearch elastic-stack-security	2	356	April 26, 2021
ELK STACK - suricatas Beats beats-module , filebeat	2	336	June 10, 2022
Suricata Вопросы на русском языке	5	611	April 22, 2021
How do I adding Suricata events to Elasticsearch SIEM	8	1293	May 7, 2024
Suricata with ElasticStack Elasticsearch	2	2506	September 1, 2018

Suricata-IDS and ELK

Related topics