Can SecureCircle integrate with Elastic (SIEM)?
  • 26 Mar 2021


While we have not previously integrated with Elastic's newer SIEM product, we have integrated with ELK (Elasticsearch + Logstash + Kibana). The SecureCircle server can produce syslog-compatible output (in both the RFC 3164/BSD and the RFC 5424/IETF formats) with JSON message bodies, which the vast majority of SIEM platforms can ingest.

How can I parse the data with Elastic?

A Logstash filter such as the one below can be used to strip the syslog header and parse the JSON message body into fields:

filter {
    # Match the syslog header. SYSLOGLINE ends in %{GREEDYDATA:message}, so the
    # JSON body replaces the original "message" field (hence the overwrite).
    grok {
        match => { "message" => "%{SYSLOGLINE}" }
        overwrite => ["message"]
    }
    # Decode the JSON body into top-level event fields.
    json {
        source => "message"
    }
}
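As an added example (not SecureCircle's or Elastic's own code), the following Python reproduces what the grok + json pipeline above does, so the parsing can be checked without a running Logstash: it splits off the syslog header in either the RFC 5424 or the RFC 3164 framing the article mentions, derives facility and severity from the PRI value, decodes the JSON body into flat fields, and tags lines whose header or body does not parse, mirroring Logstash's failure tags. The sample lines, the "securecircle" program name and the JSON field names are constructed for the demonstration and are not SecureCircle's real event schema.

```python
import json
import re
from typing import Any, Dict, List

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d) (?P<timestamp>\S+) (?P<host>\S+) "
    r"(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) ?(?P<body>.*)$",
    re.DOTALL,
)
# RFC 3164 / BSD: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\s:\[]+)(?:\[(?P<procid>\d+)\])?: ?(?P<body>.*)$",
    re.DOTALL,
)


def parse_syslog_json(line: str) -> Dict[str, Any]:
    """Parse one syslog line whose MSG part is a JSON object.

    Returns header fields plus the decoded JSON keys, the way the grok + json
    filters would. A line whose header does not match is tagged
    _grokparsefailure; a line whose body is not a JSON object keeps the raw
    body under "message" and is tagged _jsonparsefailure.
    """
    m = RFC5424_RE.match(line) or RFC3164_RE.match(line)
    if m is None:
        return {"message": line, "tags": ["_grokparsefailure"]}
    # Drop absent groups and RFC 5424 "-" nil values.
    fields = {k: v for k, v in m.groupdict().items() if v not in (None, "-")}
    pri = int(fields.pop("pri"))
    fields["facility"] = pri // 8
    fields["severity"] = pri % 8
    body = fields.pop("body")
    try:
        payload = json.loads(body)
        if not isinstance(payload, dict):
            raise ValueError("JSON body is not an object")
    except ValueError:
        fields["message"] = body
        fields["tags"] = ["_jsonparsefailure"]
        return fields
    # Header fields win on a key collision with the body.
    for key, value in payload.items():
        fields.setdefault(key, value)
    return fields


def parse_batch(lines: List[str]) -> List[Dict[str, Any]]:
    return [parse_syslog_json(line) for line in lines]


def denied_access_events(events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """A detection-style query over parsed events: file accesses that were denied."""
    return [e for e in events if e.get("event") == "file.access" and e.get("allowed") is False]


# Constructed sample lines (hypothetical program name and field names).
SAMPLE_LINES = [
    # RFC 5424 framing, JSON body
    '<134>1 2021-03-26T10:15:02.000Z sc-server01 securecircle 2211 - - '
    '{"event":"file.access","user":"alice","path":"/data/q1.xlsx","allowed":true}',
    # RFC 3164 / BSD framing, JSON body
    '<134>Mar 26 10:15:03 sc-server01 securecircle[2211]: '
    '{"event":"file.access","user":"bob","path":"/data/q1.xlsx","allowed":false}',
    # Body that is not JSON: exercises the _jsonparsefailure path
    '<131>1 2021-03-26T10:15:04.000Z sc-server01 securecircle 2211 - - plain text, not json',
]

if __name__ == "__main__":
    for event in parse_batch(SAMPLE_LINES):
        print(event)
    print("denied:", [e["user"] for e in denied_access_events(parse_batch(SAMPLE_LINES))])
```

Running the block prints one flat dict per sample line; lines tagged `_jsonparsefailure` or `_grokparsefailure` are the ones to look for in Kibana when checking that the real SecureCircle output is being parsed as expected.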
