shadow-box / Palo-Alto-Networks-ELK-Stack

Configuration for a Palo Alto Networks fed ELK Stack with Visualizations

Elastic Stack v6.x to v7.x Configuration #10

Open investlab opened 5 years ago

investlab commented 5 years ago

Dear Shadow-box, I'm using Elastic Stack v7.x, so I can't use "traffic_template_mapping-v1.1.json" and "threat_template_mapping-v1.1.json". Can you help me update this template for Elastic Stack v7.x? Thank you!

acecase commented 4 years ago

Anyone bumping into this: it is probably because you are running ELK 7+. punisherVX has posted updated versions of the JSON files. For me his traffic template worked out of the box, and his threat template just needed a small adjustment (remove the "default" block that starts on line 8). Hope it helps, and I hope sm-biz and shadow-box keep these things going. They're really nice.
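The "default" block the commenters remove is, by my reading, the legacy `_default_` mapping type wrapper that Elastic 6.x templates used and that Elastic 7.x rejects because mapping types were removed. The following is an added example, not code from this repository or from any of the commenters, that performs that edit mechanically: it takes a legacy index template, hoists the single mapping type's contents up to a typeless `mappings` object, and also renames the pre-6.0 `template` key to `index_patterns` if present. The sample template embedded below is constructed for illustration (field names and values are assumptions, not the project's actual mapping), and the script refuses to merge templates that carry more than one mapping type rather than silently combining them.

```python
import json
import sys

# Constructed sample of a legacy (Elastic 6.x style) index template whose
# field definitions sit under a "_default_" mapping type. This is NOT the
# repository's real traffic/threat template; field names are assumptions.
LEGACY_TEMPLATE = {
    "index_patterns": ["panos-traffic-*"],
    "settings": {"number_of_shards": 1},
    "mappings": {
        "_default_": {
            "properties": {
                "SourceIP": {"type": "ip"},
                "DestinationIP": {"type": "ip"},
                "Bytes": {"type": "long"},
            }
        }
    },
}


def is_typeless(template):
    """True if the template's mappings are already in Elastic 7.x (typeless) form."""
    mappings = template.get("mappings", {})
    return not mappings or "properties" in mappings or "dynamic_templates" in mappings


def migrate_template(template):
    """Return a deep copy of `template` rewritten for Elastic 7.x.

    - If `mappings` wraps its definitions in exactly one mapping type
      (e.g. "_default_" or "doc"), hoist that object's contents one level up.
    - If more than one type is present, raise instead of guessing how to merge.
    - If the pre-6.0 `template` key is used, rename it to `index_patterns`.
    """
    out = json.loads(json.dumps(template))  # deep copy so the input is untouched

    # Elastic 6.0 replaced the single-pattern "template" key with "index_patterns".
    if "template" in out and "index_patterns" not in out:
        out["index_patterns"] = [out.pop("template")]

    if is_typeless(out):
        return out

    type_names = list(out["mappings"].keys())
    if len(type_names) != 1:
        raise ValueError(
            f"cannot migrate template with multiple mapping types: {type_names}"
        )
    out["mappings"] = out["mappings"][type_names[0]]
    return out


if __name__ == "__main__":
    # Usage: python migrate_template.py legacy_template.json > template_v7.json
    # (file path is an assumption; with no argument the constructed sample is used)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            source = json.load(fh)
    else:
        source = LEGACY_TEMPLATE
    json.dump(migrate_template(source), sys.stdout, indent=2)
    print()
```

Run the converted JSON through a `PUT _template/<name>` against a 7.x node to confirm it is accepted; the script only restructures the mapping wrapper, so any field types that 7.x no longer supports would still need manual attention.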

Mangolinux commented 4 years ago

Thanks, I had to remove the "default" block from both files.

piellick commented 4 years ago

Works for me too without the "default" block.

josephtillman11 commented 3 years ago

Where can we find the updated files? Link?