I know that many people use Kibana to collect security logs, but do you upload them to any IDS to catch suspicious ones and alert about them? If so, which IDS do you use?
I am not sure I follow here; however, IDS logs are read by Filebeat/Logstash, sent to and indexed into Elasticsearch, and you can then use Kibana (the GUI) to query the indexed data and make visualisations and dashboards.
Elastic's Kibana can have alerting set up with parameters that you set: https://www.elastic.co/products/stack/alerting You also have thresholds and conditions: https://www.elastic.co/guide/en/kibana/current/watcher-create-threshold-alert.html

jklmnop
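As an added example (not part of the answer above), here is a Watcher definition of the threshold kind the second link describes: every five minutes it counts high-severity Suricata alerts that Filebeat has indexed in the last five minutes and fires when the count exceeds 10. The index pattern, the field names (`event.module` and `suricata.eve.alert.severity`, as populated by the Filebeat Suricata module), and the threshold are assumptions; the body is sent as `PUT _watcher/watch/ids_high_severity_burst`.

```json
{
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["filebeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term":  { "event.module": "suricata" } },
                { "term":  { "suricata.eve.alert.severity": 1 } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gt": 10 } }
  },
  "throttle_period": "15m",
  "actions": {
    "log_burst": {
      "logging": {
        "level": "warn",
        "text": "{{ctx.payload.hits.total}} high-severity Suricata alerts in the last 5 minutes (threshold 10)"
      }
    }
  }
}
```

The `throttle_period` keeps a sustained burst from re-firing the action on every run; swap the `logging` action for `email`, `slack` or `webhook` once the corresponding connector is configured in `elasticsearch.yml`.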