Hello Onion community, I wanted to reach out because we have been given a task for our SO standalone instance that I feel should be relatively easy to implement but which I have been unable to make much progress on. I will add the caveat I am relatively new to the ELK stack, so any suggestions on how to best approach this task using those tools would be very much appreciated.
For context: our standalone instance currently ingests Syslog from a number of Fortinet devices at our network perimeter. Whenever the Fortinets generate a Syslog level one alert, they forward those messages to our SO instance and add to those messages the source IP address and source country of the traffic that generated the alert (e.g. srcip="x", srccountry="y"). I have created an Onion alert that triggers whenever such a message is received, and this source/origin information from Fortinet is then visible in the event_data.message field in the SO GUI.
This brings me to our task: our CIO would like for us to be able to project the geographical information thus reported by the Fortinets onto a map in order to create a heatmap of global alert sources from our network perimeter. I have spent a lot of time in the Kibana GUI and documentation trying to find a way to visualize the information from event_data.message in this way, but none of the built-in visualizations or dashboards I have tried have worked so far. I haven't yet found a visualization that seems intended to work with this field in particular. I am wondering whether I am approaching the issue the wrong way and if I will need to take additional steps in Kibana or Logstash in order to process and visualize these messages in the desired way.
Has anyone attempted to use the ELK stack to visualize Syslog information like this? Am I coming at this task from the wrong angle, or is there something else I should try within Onion that would be more effective?
Any suggestions/advice you could offer would be greatly appreciated. I will do my best to respond promptly to any questions asked in the thread below.
Thank you!
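One way to get from the raw `srcip="x", srccountry="y"` text to something Kibana Maps can plot, as an added example and not code from the original post or from Security Onion itself: a Logstash filter that parses the key=value pairs out of the message and enriches the source IP with coordinates, because a map layer needs a `geo_point` field and a country name alone does not provide one. The `fortinet` tag, the `fortinet.*` and `source.*` field names, and the assumption that your index template maps `source.geo.location` as `geo_point` are mine, not the project's; where this filter file lives in a Security Onion pipeline is deliberately left unstated.

```logstash
filter {
  # Assumption: Fortinet syslog events arrive with a "fortinet" tag
  # (adjust the condition to however your pipeline identifies them).
  if "fortinet" in [tags] {

    # Fortinet writes space-separated key="value" pairs; pull out only
    # the keys we need so stray tokens in the message are ignored.
    # This is the text the SO GUI shows as event_data.message.
    kv {
      source       => "message"
      field_split  => " "
      value_split  => "="
      trim_value   => "\""
      include_keys => ["srcip", "srccountry", "level"]
      target       => "fortinet"
    }

    # Put the attacker-side address in the ECS source.ip field so the
    # geoip filter (and any other ECS-aware dashboards) can find it.
    mutate {
      rename => { "[fortinet][srcip]" => "[source][ip]" }
    }

    # Resolve lat/lon for the IP. The result lands in source.geo.*,
    # including source.geo.location, which is the geo_point a Kibana
    # Maps heat-map layer aggregates on. Fortinet's own srccountry is
    # kept under fortinet.srccountry so the two sources can be compared.
    if [source][ip] {
      geoip {
        source => "[source][ip]"
        target => "[source][geo]"
      }
    }
  }
}
```

If you would rather not run the geoip lookup, the alternative is a country-level choropleth: keep `fortinet.srccountry` as a keyword field and join a Kibana Maps boundaries layer on it, which gives a per-country count rather than a point heat map.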