CERN-CERT / pDNSSOC

Leveraging MISP indicators via a pDNS-based infrastructure as a poor man’s SOC.
MIT License

Document log shipping of alerts to Opensearch #14

Closed arvchristos closed 1 year ago

arvchristos commented 1 year ago

We are currently writing alerts to a specific directory, `correlation.output_dir`, in JSON Lines format. These alerts can be shipped to different logging solutions (e.g. OpenSearch, Splunk).

We need to document examples of log shipping configuration.

arvchristos commented 1 year ago

An example of how to send logs to OpenSearch has been introduced in the docker-compose file `files/docker/docker-compose.yml`.
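The two comments above describe the pipeline (JSON Lines alert files in `correlation.output_dir`, shipped to OpenSearch) without showing the shipping step itself. The following is an added example, not pDNSSOC's code and not the docker-compose configuration referred to in the issue: a minimal shipper that reads the alert files, tolerates a partially written last line, and submits the documents with the OpenSearch `_bulk` API. The alert field names, the `*.json` file pattern, the `pdnssoc-alerts` index name and the `OPENSEARCH_URL` / `OPENSEARCH_USER` / `OPENSEARCH_PASSWORD` environment variables are assumptions made for the example; the sample alert lines are constructed.

```python
"""Ship JSON Lines alert files to OpenSearch via the _bulk API.

Added example, not pDNSSOC's own code. Assumptions: alerts are one JSON
object per line in files under correlation.output_dir (matched here as
*.json), and OpenSearch is reachable at OPENSEARCH_URL with basic auth.
"""
import base64
import json
import os
import sys
from pathlib import Path

# Constructed sample: two complete alerts plus one truncated line, as you
# would see when the writer is still appending to the file being read.
SAMPLE_ALERTS = (
    '{"timestamp":"2024-05-01T12:00:00Z","client_ip":"10.0.0.5",'
    '"domain":"evil.example","misp_event_id":42}\n'
    '{"timestamp":"2024-05-01T12:00:01Z","client_ip":"10.0.0.6",'
    '"domain":"bad.example","misp_event_id":43}\n'
    '{"timestamp":"2024-05-01T12:00:02Z","client_ip":"10.0.0.7"\n'
)


def parse_jsonl(text):
    """Parse JSON Lines into (documents, rejected_raw_lines).

    A malformed line (typically the last, half-written one) must not abort
    the batch, so it is collected and reported instead of raised.
    """
    docs, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        try:
            docs.append(json.loads(raw))
        except json.JSONDecodeError:
            rejected.append(raw)
    return docs, rejected


def load_alert_dir(output_dir):
    """Concatenate every *.json file in correlation.output_dir (assumed pattern)."""
    return "".join(p.read_text(encoding="utf-8") for p in sorted(Path(output_dir).glob("*.json")))


def build_bulk_body(docs, index):
    """Build an OpenSearch _bulk payload: action line, document line, repeat.

    The payload is newline-delimited JSON and must end with a trailing
    newline or OpenSearch rejects the final pair. An empty batch yields an
    empty body so the caller can skip the request.
    """
    if not docs:
        return b""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, separators=(",", ":")))
    return ("\n".join(lines) + "\n").encode("utf-8")


def ship(body, url, user, password):
    """POST the bulk body and return the parsed response.

    The response's top-level 'errors' flag is true if any single item failed;
    the per-item status is under 'items', so a 200 alone is not success.
    """
    import urllib.request  # imported here so the parsing functions stay offline-testable

    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        url.rstrip("/") + "/_bulk",
        data=body,
        method="POST",
        headers={"Content-Type": "application/x-ndjson", "Authorization": f"Basic {token}"},
    )
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read())


def main():
    output_dir = os.environ.get("PDNSSOC_OUTPUT_DIR")
    text = load_alert_dir(output_dir) if output_dir else SAMPLE_ALERTS
    docs, rejected = parse_jsonl(text)
    for raw in rejected:
        print(f"skipping malformed line: {raw!r}", file=sys.stderr)
    body = build_bulk_body(docs, "pdnssoc-alerts")
    url = os.environ.get("OPENSEARCH_URL")
    if not url or not body:
        print(body.decode("utf-8"), end="")  # dry run: show what would be sent
        return
    result = ship(body, url, os.environ.get("OPENSEARCH_USER", "admin"),
                  os.environ.get("OPENSEARCH_PASSWORD", ""))
    failed = [i for i in result.get("items", []) if "error" in i.get("index", {})]
    print(f"indexed {len(docs) - len(failed)} alerts, {len(failed)} failed")


if __name__ == "__main__":
    main()
```

Run it without `OPENSEARCH_URL` set to see the exact `_bulk` body produced from the constructed sample; point `PDNSSOC_OUTPUT_DIR` at the real `correlation.output_dir` to ship actual alerts. A production shipper would additionally remember a per-file offset so alerts are not re-indexed on every run, which is what the off-the-shelf log shippers (Filebeat, Fluent Bit, etc.) handle for you.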