I'm interested in hearing people's experiences of using ELK, particularly for monitoring things for compliance, and whether there are any good pre-formatted "templates" out there for common functions and community databases of them? I've never touched it before!
I've been dumping things out to Graylog for a year now; it's been solid and search is good, but I put the dashboards in place based off community templates that are just no longer maintained. It feels a little dated now too, plus my head is so far out of that space now that it feels time for something fresh.
Something that is visually pleasing for management reporting could be a major advantage.
Predominantly I'm looking at:
- Cisco FTD/Firepower logs - Common things such as number of alerts by severity, volume of traffic from IPs, popular ports etc. I know some of this can be retrieved from Firepower itself, but I'm conscious we may be moving away from the platform, so I want to take that into consideration.
- Windows Logs - Security logs, locked out accounts, failed login attempts, created accounts, disabled accounts etc. The usual stuff.
- Custom Logs - Consolidation of logs from various web-based development platforms.
- Anything SIEM would be a huge bonus!
Edit - I suspect this may have been better in the enterprise forums now? If it needs moving let me know!