Can SecureCircle integrate with Elastic (SIEM)?
- 19 Oct 2020
We have not previously integrated with Elastic's SIEM product, but we have integrated with the ELK stack (Elasticsearch, Logstash and Kibana). The SecureCircle server can emit syslog-compatible output in both the RFC 3164 (BSD) and RFC 5424 (IETF) formats with JSON message bodies, which the vast majority of SIEM platforms can ingest. Because Elastic SIEM queries the same Elasticsearch indices, events ingested through Logstash are visible to it, although its detections and views expect fields named according to the Elastic Common Schema (ECS), so the parsed JSON fields may need to be renamed or copied to ECS names.
How can I parse the data with Elastic?
A Logstash filter such as the following strips the syslog header with grok and then decodes the JSON body into fields. The built-in SYSLOGLINE pattern captures the RFC 3164 body into the message field (which is why overwrite is required), and the first pattern does the same for RFC 5424; without a match, grok has nothing to strip and tags the event _grokparsefailure:

filter {
  grok {
    # Try RFC 5424 first, then RFC 3164/BSD. Both patterns capture the
    # text after the syslog header back into "message".
    match => {
      "message" => [
        "%{SYSLOG5424BASE} +%{GREEDYDATA:message}",
        "%{SYSLOGLINE}"
      ]
    }
    overwrite => ["message"]
  }
  json {
    # Decode the JSON body into top-level fields; a non-JSON body is
    # left as-is and the event is tagged _jsonparsefailure.
    source => "message"
  }
}

If the events arrive through the Logstash syslog input, that input already splits the RFC 3164 header and leaves the body in message, so only the json filter is needed. Use the json filter's target option if you would rather keep the decoded fields under a single object than merge them into the root of the event.
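Before wiring Logstash up it is useful to check, offline, that the lines the server emits actually split into header and JSON body in both formats. The parser below is an added example written for this article, not SecureCircle or Elastic code, and it does in plain Python what the grok and json filters above do; the sample lines, the JSON field names inside them and the application name securecircle are constructed for the example, since the article does not describe the real event schema.

```python
import json
import re

# Header of an RFC 3164 / BSD syslog line: <PRI>TIMESTAMP HOST TAG[PID]: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s*"
    r"(?P<body>.*)$"
)

# Header of an RFC 5424 / IETF syslog line:
# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) "
    r"(?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<body>.*))?$"
)


def parse_syslog(line: str) -> dict:
    """Split one syslog line into header fields plus the decoded JSON event.

    Mirrors the grok + json filter pair: the regex strips the syslog header,
    json.loads decodes what is left. Raises ValueError if the header matches
    neither RFC 5424 nor RFC 3164.
    """
    m = RFC5424.match(line)
    fmt = "rfc5424"
    if m is None:
        m = RFC3164.match(line)
        fmt = "rfc3164"
    if m is None:
        raise ValueError(f"not a syslog line: {line!r}")

    pri = int(m.group("pri"))
    body = (m.group("body") or "").lstrip("\ufeff")  # RFC 5424 permits a BOM before MSG
    record = {
        "format": fmt,
        "facility": pri >> 3,  # PRI = facility * 8 + severity
        "severity": pri & 7,
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "app": m.group("app"),
        "pid": None if m.group("pid") in (None, "-") else m.group("pid"),
        "sd": None if fmt == "rfc3164" or m.group("sd") == "-" else m.group("sd"),
        "body": body,
        "event": None,
    }
    try:
        decoded = json.loads(body)
    except ValueError:  # json.JSONDecodeError is a ValueError
        decoded = None
    # Only a JSON object is a usable event; a bare string or number is not.
    if isinstance(decoded, dict):
        record["event"] = decoded
    return record


def parse_lines(lines):
    """Parse a batch; returns (records, rejected) so one bad line does not stop the rest."""
    records, rejected = [], []
    for line in lines:
        try:
            records.append(parse_syslog(line))
        except ValueError:
            rejected.append(line)
    return records, rejected


# Constructed sample lines in the two formats the article names. The JSON
# field names are invented for this example and are not SecureCircle's schema.
SAMPLE_LINES = [
    '<134>Oct 19 14:02:07 sc-server securecircle[2231]: '
    '{"event":"file.access","user":"alice","result":"allowed"}',
    '<134>1 2020-10-19T14:02:07.123Z sc-server securecircle 2231 - - '
    '{"event":"file.access","user":"bob","result":"denied"}',
    '<134>1 2020-10-19T14:02:08Z sc-server securecircle 2231 ID47 [meta seq="3"] service started',
    'this is not syslog',
]

if __name__ == "__main__":
    records, rejected = parse_lines(SAMPLE_LINES)
    for r in records:
        print(r["format"], r["host"], r["app"], r["severity"], r["event"] or r["body"])
    print("rejected:", rejected)
```

Run it against a capture of the server's real output (one line per event) and compare the rejected list with what Logstash tags _grokparsefailure or _jsonparsefailure; the two should agree, and any line that ends up in rejected is one the grok patterns above will not strip either.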