You were right.
As a result of checking,
syslogs of other devices are also received by filebeat from the host where suricata is installed, so all of them are checked like suricata logs.
Thank you.
If the host information is modified, it is determined that the event can be checked in siem.
And is there a way to modify the name of other equipment such as suricata, my WAF, IPS instead of Network in overview and OOOBeat of Host?
Does this part refer to agent.type and event.module?