Logstash Downloads

Description

The openSIEM project has developed a set of Logstash parsing rules.

The overhead of implementing Logstash parsing and applying Elastic Common Schema (ECS) across audit, security, and system logs can be a large drawback when using Elasticsearch as a SIEM (Security Information and Event Management). The Cargill SIEM team has spent significant time developing quality Logstash parsing processors for many well-known log vendors and wants to share this work with the community. In addition to the Logstash processors, openSIEM also includes log collection programs for API-based log collection, as well as the setup scripts used to generate the pipeline-to-pipeline architecture.

List of sources

api log application oci.object
api log audit aws.cloudtrail
api log audit aws.ghe
api log audit oci.audit
api log audit okta
api log audit syncplicity.adm report
api log audit syncplicity.usr report
api log network aws.vpcflow
api log network oci.vcn
api log security aws.guardduty
api log security azure.atp
api log security azure.graph api
api log security azure.graph identity protection api
api log security azure.mcas alerts
api log security azure.o365 dlp
api log security jamf.protect
api log security mcafee.mcp v5
api log security misp.metrics
api log security oci.cloudguard
api log security proofpoint.pod email gateway
api log security proofpoint.siem api clicks
api log security proofpoint.siem api message
api log security scorecard.events
atlassian jira
atlassian jira audit
db log audit citrix.session
event hub log audit azure.event hub audit
event hub log audit azure.event hub operational
event hub log audit azure.event hub signin
event hub log audit o365.dlp
event hub log audit o365.msg.trkg eventhub
event hub log security azure.event hub
event hub log security azure.event hub atp
flat file log audit ansible
flat file log audit apache.access
flat file log audit apache.error
flat file log audit exchange.2016.msg.trkg
flat file log audit iis
flat file log audit microsoft.iis.w3c
flat file log audit mwg.proxy
flat file log audit pingfederate
flat file log audit riverbed.amauth
flat file log audit riverbed.audit
flat file log audit riverbed.opnetreport
flat file log audit riverbed.scportal
flat file log audit riverbed.stdout
flat file log audit riverbed.vnes analytics
flat file log security windows.exported security events
ftp gzip log audit infoblox dns
log audit apache
log security preempt monthly
logstash virtustream linux forwarder
logstash virtustream windows forwarder
push api list inventory forescout
syslog audit linux rsyslog
syslog list inventory tanium
syslog log audit a10.proxy
syslog log audit accellion.sft
syslog log audit checkpoint.fw
syslog log audit checkpoint.operations
syslog log audit cisco.aci
syslog log audit cisco.dna
syslog log audit cisco.mso
syslog log audit cisco.prime
syslog log audit cisco.router
syslog log audit cisco.switch
syslog log audit cisco.wireless.ap
syslog log audit cisco.wireless.bridge
syslog log audit cisco.wireless.control.system
syslog log audit citrix.netscaler
syslog log audit f5.big.ip.gtm.dns
syslog log audit f5.big.ip.ltm
syslog log audit infoblox
syslog log audit lieberman.random.pass.mgr
syslog log audit linux.host
syslog log audit linux.redhat
syslog log audit meraki.router
syslog log audit mpki.cmpv2
syslog log audit riverbed.netim weekly
syslog log audit rsa.auth
syslog log audit spectracom.ntp
syslog log audit tenable.nessus scanner
syslog log audit tenable.security center
syslog log audit ubiquiti.controller session logs
syslog log audit ubiquiti.wireless bridge
syslog log security a10.waf
syslog log security bomgar
syslog log security cisco.apic
syslog log security cisco.ise
syslog log security cisco.meraki.fw
syslog log security cisco.meraki.wap
syslog log security cisco.satellite
syslog log security cisco.stealthwatch
syslog log security cisco.waas
syslog log security forescout.counteract.nac
syslog log security guardium.db
syslog log security hp.network.node.mgr
syslog log security juniper.fw
syslog log security juniper pulse.ssl.vpn
syslog log security layer7.securespan.soa.gw
syslog log security mcafee.atd
syslog log security mcafee.mwg
syslog log security mcafee.net.security.mgr
syslog log security microsoft.ata
syslog log security palo.alto.fw
syslog log security sap.onapsis
syslog log security sdwan.app
syslog log security sdwan.os ubuntu
syslog log security symantec.dlp
syslog log security symantec.endpoint
syslog log security tanium
syslog log security tufin
syslog log source unidentified
test log security proofpoint.forensics api monthly
wef log audit windows.events

Source

Originally found here: https://github.com/Cargill/OpenSIEM-Logstash-Parsing

Tested versions: 7.15
ECS compliant: Yes

Related downloads

Filebeat Suricata Canvas dashboard

A Kibana Canvas dashboard example that visualizes suricata logs collected with Filebeat.

Sigma Windows Process Creation detection rules

A collection of rules based on the Sigma rules for Windows (process creation folder), based on Winlogbeat data.

ACSC Advisory IOCs detection rules

ACSC Advisory IOCs detection rules for Elastic SIEM

Office 365 dashboards

A collection of Kibana dashboards to provide a holistic view of Microsoft Office 365 environments

Cloudflare Kibana dashboards

Cloudflare dashboards and ingest pipelines to visualize cloudflare logs

Sigma detection rules for proxy server logs

A collection of rules based on the Sigma detection rules for proxy server and web server logs, e.g. Zeek or Suricata.

These downloads could also be interesting for you

OpenSIEM Logstash Parsing

Logstash Parsing Configurations for Elastic SIEM parses many different sources into ECS

Logstash Meraki Pipeline

Logstash Pipeline to load Meraki logs via Syslog into Elasticsearch

Crawler dashboard

A Kibana dashboard that visualizes the result of the crawler from Elastic Enterprise Search

CMDB dependency in Kibana Dashboard

A Kibana Vega example showing how to load and visualize relationships between different infrastructure and network components in Vega.

Impossible travel transform job

Impossible travel detection by calculating the distance between two login locations in combination with the time between the two logins