ghost
commented
3 years ago Hi,
Seconding this query. I'd like to leverage logs from a suricata instance on my network for threat hunting via HELK. In theory I assume I'd direct the Suricata logs to Elasticsearch - however it doesn't look like the Elasticsearch running via Docker (I chose install option 3) is set to listen on any external network interface, unlike Kibana. Clarification around why this is and the best way to use Suricata logs with HELK would be appreciated.
neu5ron
Hi!
It is possible to send suricata logs via Filebeat?