Hi Team,
I already have an ELK SIEM running in my network and I have been asked to work on NBAD so that network logs can be ingested into the SIEM. I am exploring SO and think it could be the best solution in my setup. However, when I tried installing SO, all the components got installed by default.
I need only Zeek, Suricata, Strelka, and Logstash and Filebeat to be enabled so that logs can then be shipped to my existing SIEM.
I wonder how I can enable only those components and disable the rest of the components? That would save resources on my NBAD server.
Plus, what configuration do I need to modify so that the network metadata and IDS logs can be sent to my ELK on port 9200?
TIA
Blason R
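The following is an added example of the kind of shipper configuration the question is asking about; it is not code from the question, from Security Onion, or from any reply in this thread. It is a plain Filebeat 8 `filebeat.yml` that reads Zeek's JSON logs and Suricata's EVE JSON and writes them straight to an external Elasticsearch on port 9200. The log paths (`/nsm/zeek/logs/current`, `/nsm/suricata`), the hostname `siem.example.internal`, the CA file path and the `SIEM_API_KEY` environment variable are assumptions for illustration, not values taken from the page or from a Security Onion install.

```yaml
# Added example (not Security Onion's shipped config).
# Assumptions: Zeek writes JSON logs under /nsm/zeek/logs/current/,
# Suricata writes EVE JSON under /nsm/suricata/, the remote cluster is
# siem.example.internal:9200 with TLS, and an API key is supplied via
# the SIEM_API_KEY environment variable.

filebeat.inputs:
  # Zeek connection/DNS/HTTP/etc. metadata, one JSON object per line.
  - type: filestream
    id: zeek-json
    paths:
      - /nsm/zeek/logs/current/*.log
    parsers:
      - ndjson:
          target: ""          # decode JSON fields at the top level of the event
          add_error_key: true # keep malformed lines, flagged, instead of dropping them
    tags: ["zeek"]

  # Suricata alerts and protocol events from eve.json.
  - type: filestream
    id: suricata-eve
    paths:
      - /nsm/suricata/eve*.json
    parsers:
      - ndjson:
          target: ""
          add_error_key: true
    tags: ["suricata"]

output.elasticsearch:
  hosts: ["https://siem.example.internal:9200"]
  # Use an API key restricted to writing the target indices rather than a
  # superuser password; the value is read from the environment at startup.
  api_key: "${SIEM_API_KEY}"
  # Pin the SIEM's CA and verify the certificate so a rogue host on 9200
  # cannot silently receive the sensor's network telemetry.
  ssl.certificate_authorities: ["/etc/filebeat/siem-ca.pem"]
  ssl.verification_mode: full
```

Two caveats a practitioner would want before relying on this: Security Onion's own pipeline (Filebeat to Logstash to its local Elasticsearch) applies Security Onion's ingest pipelines and index templates, so a remote SIEM fed directly like this must supply its own mappings and parsing for the Zeek and Suricata event shapes; and the API key should be created on the SIEM side with only the `create_doc`/`auto_configure` privileges it needs on the destination indices, so that a compromised sensor cannot read or alter other data in the SIEM.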