Updated the Suricata alert Logstash pipeline to populate the SIEM External Alert visualization.
Updated the Suricata dashboards to reflect the new data pipeline. This was tested using this repo and the import shell script.
On a pre-built ROCK sensor, I had to refresh the index patterns, but I'm not sure if these are integrated into the build; that will be required. Interested to test this in the Test ISO.