Hi Team,
I am a student and trying to set up the SOC system using open source tools as per the tutorial provided.
I am facing a challenge in adding the fields in Shuffle which I want to see in the various trigger apps. For example, if I am configuring that when an alert is triggered a message should be posted in the SIEM solution. However, I am unable to understand how you got the field name. I read the comments and I see you mentioned something about parsing with mustache format, which I did not understand. Nor was I able to locate the video for parsing the logs.
I have set up Elasticsearch, Kibana and Fleet. I also loaded the default rules. Please guide me on what I should select for getting information like rule name and number of alerts etc. Also, whether I need to parse the logs and if yes, then how do I do it.
Please help as soon as you can.
Regards,