It would be very useful to simply specify in the config file that I want alerts to ship out via syslog, or just give it an Elasticsearch API endpoint to send data to - either way I'd like to play around with getting these alerts and metadata into a Security Onion instance. I know this is something that could probably be easily cobbled together on the API server, but nonetheless it would be nice to see OOB.