Contents x
Can SecureCircle integrate with Elastic (SIEM)?
  • 19 Oct 2020
  • 1 Minute to read
  • Print
  • Dark
    Light
  • PDF
Contents

Can SecureCircle integrate with Elastic (SIEM)?

  • Updated on 19 Oct 2020
  • 1 Minute to read
  • Print
  • Dark
    Light
  • PDF

While we have not previously integrated with Elastic's new SIEM product, we have previously integrated with ELK (Elasticsearch+Logstash+Kibana). The SecureCircle server is capable of producing syslog-compatible (both RFC 3164/BSD and 5424/IETF formats) output with JSON message bodies, which can be understood by the vast majority of SIEM platforms.

How can I parse the data with Elastic?

A logstash filter such as this can be used to parse the message body into fields:

filter {
    grok {
        overwrite => ["message"]
    }
    json {
     source => "message"
    }
}
Was this article helpful?
What's Next
SecureCircle delivers a SaaS-based cybersecurity service that extends Zero Trust security to data on the endpoint. At SecureCircle, we believe frictionless data security drives business value for our customers. Instead of relying on complex reactive measures, we simply secure data persistently in transit, at rest, and even in use. End users operate without obstacles, while data is continuously secured against breaches and insider threats.
Company
Collateral
Resources
Support
Connect With Us
Sales
Copyright © 2021 SecureCircle LLC. All Rights Reserved