Hii Everyone,
I am trying to map the fields used in my index to the ECS fields so that it gets populated in the SIEM APP. I have mapped fields like username , hostname and event action with the ECS fields and its getting populated in the SIEM App.
Basically I want all the fields used in the SIEM APP , So that I can map and populate my fields in SIEM APP.
Hi! Your best bet there is to populate as many of the ECS fields as possible.
Note that you can also use the inspect button in the SIEM app to figure out more data sources that you could start monitoring.
Thanks @webmat
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.