Can SecureCircle integrate with Elastic (SIEM)?
  • 19 Oct 2020


We have not integrated with Elastic's newer SIEM product, but we have integrated with the ELK stack (Elasticsearch + Logstash + Kibana). The SecureCircle server can emit syslog-compatible output in both RFC 3164 (BSD) and RFC 5424 (IETF) formats with JSON message bodies, which the vast majority of SIEM platforms can ingest.

How can I parse the data with Elastic?

A Logstash filter such as the following strips the syslog envelope and parses the JSON message body into fields. The grok stage needs a match pattern: the one below handles the RFC 3164 (BSD) form, and for RFC 5424 output you can match %{SYSLOG5424LINE} instead and point the json filter at the syslog5424_msg field it produces:

filter {
    # Strip the syslog envelope (RFC 3164 form) and keep only the body.
    grok {
        match     => { "message" => "(?:<%{POSINT:syslog_pri}>)?%{SYSLOGBASE} %{GREEDYDATA:message}" }
        # overwrite replaces the original line with the captured JSON body
        overwrite => ["message"]
    }
    # Parse the JSON body into top-level fields. Add target => "securecircle"
    # to keep them from clobbering envelope fields such as host or timestamp.
    json {
        source => "message"
    }
}
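The following is an added example, not SecureCircle's or Elastic's code, showing what the grok-then-json pipeline above does to a line: peel off the syslog envelope (either RFC 3164 or RFC 5424), derive facility and severity from the PRI value, and parse the body as JSON, tagging the event with _jsonparsefailure (the tag Logstash's json filter uses) when the body is not valid JSON. The sample lines and the field names inside the JSON bodies are constructed for illustration and are not SecureCircle's actual event schema.

```python
import json
import re

# RFC 3164 (BSD) envelope: "<PRI>Mmm dd hh:mm:ss host app[pid]: body"
RFC3164_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<timestamp>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<body>.*)$"
)

# RFC 5424 (IETF) envelope:
# "<PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG"
# Structured data is matched as "-" or bracketed blocks without escaped "]".
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d) "
    r"(?P<timestamp>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[[^\]]*\])+)"
    r"(?: (?P<body>.*))?$"
)

# Constructed sample lines (hypothetical field names, not SecureCircle's schema).
SAMPLE_LINES = [
    '<134>Oct 19 10:15:42 sc-server securecircle[2231]: '
    '{"event":"file.access","user":"alice","action":"allow"}',
    '<134>1 2020-10-19T10:15:42.000Z sc-server securecircle 2231 - - '
    '{"event":"file.access","user":"bob","action":"deny"}',
    '<134>Oct 19 10:15:43 sc-server securecircle[2231]: not json at all',
]


def parse_syslog_json(line: str) -> dict:
    """Split a syslog line into envelope fields plus a parsed JSON body.

    Mirrors the Logstash grok + json stages: grok captures the envelope and
    replaces "message" with the body, json turns the body into fields.
    """
    for fmt, rx in (("rfc5424", RFC5424_RE), ("rfc3164", RFC3164_RE)):
        m = rx.match(line)
        if m:
            break
    else:
        raise ValueError("not a syslog line: %r" % line)

    fields = {k: v for k, v in m.groupdict().items()
              if v is not None and k != "body"}
    fields["format"] = fmt

    # PRI = facility * 8 + severity (RFC 3164 section 4.1.1 / RFC 5424 section 6.2.1)
    pri = fields.pop("pri", None)
    if pri is not None:
        pri = int(pri)
        fields["facility"], fields["severity"] = pri >> 3, pri & 7

    body = m.group("body") or ""
    try:
        event = json.loads(body)
    except json.JSONDecodeError:
        event = None
    if not isinstance(event, dict):
        # Keep the raw body and tag it, as Logstash's json filter does on failure.
        fields["message"] = body
        fields["tags"] = ["_jsonparsefailure"]
        return fields

    # Nest the body under its own key (like json { target => ... }) so that
    # body fields cannot clobber envelope fields such as host or timestamp.
    fields["event"] = event
    return fields


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(json.dumps(parse_syslog_json(sample), indent=2))
```

The two regexes are the hand-written equivalent of %{SYSLOGBASE} and %{SYSLOG5424LINE}; the important behaviour to carry over to Logstash is that a non-JSON body should be kept and tagged rather than dropped, so that a malformed or truncated event is still visible in the SIEM.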