Please bear with me as I am completely new to Elastic and trying to understand how to use it properly. I also am at the beginning of really learning cyber security.
My understanding of these modules is that Filebeat will reach out to these sites and retrieve rules, security scanning configurations, dashboards, etc. that will then run against and help scan and find threats against the data that is put into Elasticsearch.
I have read the documentation on installing Filebeat and enabling the threat intel modules. I thought I had enabled them correctly, but I do not see any dashboards downloaded to confirm they are installed (or configured correctly).
I also noticed that if I go to the integrations page the modules appear to be there as well.
So I am confused about whether I need to go through all the command line and yml configuration changes manually, or can I just click on the “Add” button (ex. Add abuse.ch, Add AlienVault OTX, Add Anomali, etc.) from the integrations section and this will make all the configuration changes needed? Or is this integrations “Add” button just to download the dashboards? Or am I just more confused about this whole thing than I really know about?
Thanks for any help or explanation.