Uploading third-party JSON output

We are looking to analyze client log data that is exported (as JSON) from third-party SIEM products.

Can this exported data be ingested as-is by Elastic SIEM and properly parsed? Or would we have to manually convert it back to its raw format or otherwise transform in order to have it properly ingested?

Elastic SIEM is "only" a Kibana feature. It's fully built on the assumption that your underlying data is structured in our ECS format.

While we have an alias datatype this won't fix any data types. IMO your best bet will be to ingest your data and change it to be in the ECS format (potentially with a Painless script in the ingestion pipeline or alternatively with Logstash if you're using that for moving data around).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.