cisagov / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://cisagov.github.io/Malcolm/

Send Suricata & Zeek logs to Elastic Agent #281

Closed devilman85 closed 1 year ago

devilman85 commented 1 year ago

Good evening. Is it possible to send Malcolm's Suricata and Zeek logs to the ELK stack via Elastic Agent?

mmguero commented 1 year ago

I've not currently got a workflow or documentation to do what you're talking about. We do have this issue in progress (https://github.com/idaholab/Malcolm/issues/258), which should allow you to send to the ELK stack.