rocknsm / rock-dashboards

Dashboards and loader for ROCK NSM dashboards
http://rocknsm.io
Apache License 2.0
47 stars, 17 forks

Suricata to populate SIEM #53

Closed. peasead closed this 4 years ago

peasead commented 4 years ago

Updated the Suricata alert Logstash pipeline to populate the SIEM External Alert visualization.

Updated the Suricata dashboards to reflect the new data pipeline. This was tested using this repo and the import shell script.

On a pre-built ROCK sensor, I had to refresh the index patterns, but I'm not sure if these are integrated into the build; that will be required. I'm interested in testing this in the Test ISO.
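The transform the PR describes, Suricata EVE alert events carried into the ECS shape that the Elastic SIEM External Alerts view reads, as an added stand-alone example in Python. This is not the rock-dashboards Logstash pipeline and not peasead's code; it assumes, as labelled in the comments, that the SIEM view selects documents by `event.kind: alert` and that the destination field names follow ECS as the Elastic Suricata Filebeat module populates them. The EVE input lines are constructed, not captured from a sensor.

```python
"""Map Suricata EVE alert events to the ECS fields the Elastic SIEM
External Alerts view keys on.

Added example, not the rock-dashboards Logstash pipeline.  Assumptions
(not confirmed by the PR): the SIEM view selects on event.kind == "alert",
and the target field names follow ECS as populated by the Elastic Suricata
Filebeat module.
"""
import json
from datetime import datetime

# Constructed sample EVE lines (not captured from a real sensor).  The first
# is an alert, the second a flow record that must not become a SIEM alert,
# the third a truncated line such as a log shipper may hand over.
SAMPLE_EVE_LINES = [
    json.dumps({
        "timestamp": "2020-03-04T15:22:10.123456+0000",
        "flow_id": 1234567890, "in_iface": "eth1", "event_type": "alert",
        "src_ip": "10.0.0.5", "src_port": 49152,
        "dest_ip": "203.0.113.7", "dest_port": 80, "proto": "TCP",
        "alert": {
            "action": "allowed", "gid": 1, "signature_id": 2013028, "rev": 4,
            "signature": "ET POLICY curl User-Agent Outbound",
            "category": "Attempted Information Leak", "severity": 2,
        },
        "http": {"hostname": "203.0.113.7", "url": "/",
                 "http_user_agent": "curl/7.64.0"},
    }),
    json.dumps({
        "timestamp": "2020-03-04T15:22:11.000000+0000", "event_type": "flow",
        "proto": "UDP", "src_ip": "10.0.0.5", "src_port": 53001,
        "dest_ip": "10.0.0.1", "dest_port": 53,
    }),
    '{"timestamp": "2020-03-04T15:22:12.000000+0000", "event_type": "al',
]

# Suricata alert.action -> ECS event.type (assumed mapping using ECS vocabulary).
_ACTION_TO_EVENT_TYPE = {"allowed": ["allowed"], "blocked": ["denied"]}


def normalize_timestamp(ts):
    """Suricata writes a "+0000" offset; rewrite to RFC 3339 "+00:00" so the
    default Elasticsearch date mapping parses it unambiguously."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z").isoformat()


def eve_alert_to_ecs(eve):
    """Return an ECS document for an EVE alert, or None for any other
    event_type (flow, dns, http, ...) so those never surface as SIEM alerts."""
    if eve.get("event_type") != "alert" or "alert" not in eve:
        return None
    alert = eve["alert"]
    return {
        "@timestamp": normalize_timestamp(eve["timestamp"]),
        "message": alert.get("signature"),
        "event": {
            "kind": "alert",  # assumed selector of the SIEM External Alerts view
            "category": ["network", "intrusion_detection"],
            "type": _ACTION_TO_EVENT_TYPE.get(alert.get("action"), []),
            "action": alert.get("action"),
            "severity": alert.get("severity"),
            "module": "suricata",
            "dataset": "suricata.eve",
        },
        "rule": {
            "id": str(alert["signature_id"]),
            "name": alert.get("signature"),
            "category": alert.get("category"),
            "version": str(alert.get("rev", 1)),
        },
        "source": {"ip": eve["src_ip"], "port": eve.get("src_port")},
        "destination": {"ip": eve["dest_ip"], "port": eve.get("dest_port")},
        "network": {"transport": eve.get("proto", "").lower()},
        # Keep the untouched EVE record under suricata.eve (assumed layout,
        # following the Filebeat module) so dashboards built on those fields
        # keep working after the remap.
        "suricata": {"eve": eve},
    }


def process_eve_lines(lines):
    """Parse newline-delimited EVE JSON; drop unparsable lines and non-alert
    events; return the ECS documents to index."""
    docs = []
    for line in lines:
        try:
            eve = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated line: drop it rather than stall the pipeline
        doc = eve_alert_to_ecs(eve)
        if doc is not None:
            docs.append(doc)
    return docs


def is_external_alert(doc):
    """The filter the SIEM External Alerts view is assumed to apply."""
    return doc.get("event", {}).get("kind") == "alert"


if __name__ == "__main__":
    for doc in process_eve_lines(SAMPLE_EVE_LINES):
        print(json.dumps(doc, indent=2))
```

Running the module prints the single ECS document produced from the constructed alert; the flow record and the truncated line are dropped. Because the remap introduces field names (`event.kind`, `rule.id`, and so on) that an index pattern created before the change has never seen, Kibana's cached field list must be refreshed before the SIEM and the updated dashboards can see them, which matches the index-pattern refresh noted above.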