dlohin opened this issue 6 years ago (status: Open)
Check the HTTP, SSL/TLS, DNS, and Suricata Alerts dashboards when you get a chance. Let me know if there's anything else you want to add to the dashboards/new visualizations the team might want.
I am working on fixing the exporting out and importing back in with a standard index pattern id (this is the issue Markus was running into). Also working on GEO-IP integration to create a map dashboard.
Standard dashboards must be created across Bro and Suricata. For Bro implement dashboards for the following:
- HTTP
- SSL/TLS
- DNS
- Files
For Suricata implement frequent alarms
GEO-IP should be implemented as well in Logstash and the dashboards.
Work towards standardizing fields across the two tools so field names are named the same thing.
https://www.elastic.co/guide/en/elasticsearch/reference/current/indices-aliases.html
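As an added example (not code from this issue or from the project), a small Python normalizer that shows the field-standardization goal for one record type: a constructed Bro dns.log line (JSON writer output) and a constructed Suricata EVE dns event for the same query are mapped onto one set of common field names so a single dashboard visualization can filter both. The common names, the two mappings and the sample records are assumptions for illustration.

```python
import json

# Constructed sample records (not taken from the issue). Bro's JSON writer
# emits flat keys such as "id.orig_h"; Suricata EVE nests under "dns".
BRO_DNS = ('{"ts":1525000000.1,"uid":"CX1","id.orig_h":"10.0.0.5","id.orig_p":51234,'
           '"id.resp_h":"10.0.0.53","id.resp_p":53,"proto":"udp",'
           '"query":"example.com","qtype_name":"A","rcode_name":"NOERROR"}')
SURICATA_DNS = ('{"timestamp":"2018-04-29T11:06:40.100000+0000","event_type":"dns",'
                '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.53",'
                '"dest_port":53,"proto":"UDP",'
                '"dns":{"type":"query","rrname":"example.com","rrtype":"A"}}')

# Native field name -> common name the dashboards will use (our own choice here).
BRO_MAP = {"id.orig_h": "src_ip", "id.orig_p": "src_port",
           "id.resp_h": "dest_ip", "id.resp_p": "dest_port",
           "proto": "proto", "query": "dns_query", "qtype_name": "dns_qtype"}
SURICATA_MAP = {"src_ip": "src_ip", "src_port": "src_port",
                "dest_ip": "dest_ip", "dest_port": "dest_port",
                "proto": "proto", "dns.rrname": "dns_query", "dns.rrtype": "dns_qtype"}


def get_path(record, dotted):
    """Resolve 'a.b' as a literal flat key (Bro style) or as a nested path (Suricata)."""
    if dotted in record:
        return record[dotted]
    cur = record
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def normalize(line, mapping, source):
    """Parse one JSON log line and rename its fields to the common schema."""
    rec = json.loads(line)
    out = {"source": source}
    for native, common in mapping.items():
        val = get_path(rec, native)
        if val is not None:
            # Suricata upper-cases the protocol, Bro lower-cases it; pick one form.
            out[common] = val.lower() if common == "proto" else val
    return out


def common_fields(a, b):
    """Fields present in both normalized records, i.e. usable by a shared dashboard."""
    return sorted(set(a) & set(b))
```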