Can ELK do automated event/log correlation?

Or can a third-party application that interfaces with ELK? Either in real time or with historical data using predefined rule logic. I often see mention of ELK being used as a SIEM, but I never see event correlation being done. I'm left wondering how it's more than log management without that. I know 7.2 introduced their SIEM app, but it doesn't have this either.

I've found something called dsiem which is on the right track but not quite there. It only does real time, offers no management via the UI, and requires programming knowledge to configure.

Is there anything out there? Is this not something SIEMs do anymore because machine learning and anomaly detection are the new thing?

Thanks, guys!
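For readers who want to see what the "predefined rule logic" in the question actually looks like, here is an added example (not part of the original post, and not code from ELK, Elastic's SIEM app or dsiem): a small Python correlation engine that implements one classic stateful rule, several failed logins from one source for one account within a time window followed by a successful login for that same pair. Events are fed in one at a time, so the same rule object works for both a replay of historical logs and a live stream. The log format, host, usernames and IP addresses are constructed for the illustration.

```python
"""Minimal rule-based event correlation over authentication logs.

Demonstrates stateful correlation: >= N failed logins for the same
(source, user) within a time window, followed by a success for that pair.
Events are processed one at a time, so the engine serves both a batch
replay of historical data and a live feed. All log data here is constructed.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample logs in a simplified syslog-like format (not from any real system).
SAMPLE_LOGS = """\
2024-03-01T10:00:01 host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:05 host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:09 host1 sshd: Failed password for alice from 203.0.113.7
2024-03-01T10:00:15 host1 sshd: Accepted password for alice from 203.0.113.7
2024-03-01T10:05:00 host1 sshd: Failed password for bob from 198.51.100.4
2024-03-01T10:20:00 host1 sshd: Accepted password for bob from 198.51.100.4
2024-03-01T11:00:00 host1 sshd: Accepted password for carol from 192.0.2.10
"""

# Parser for the constructed format above; a real deployment would use the
# field names its log pipeline already produces.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_line(line):
    """Turn one log line into an event dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


class BruteForceThenSuccessRule:
    """Stateful rule: >= `threshold` failures for (src, user) within
    `window`, then an accepted login for the same (src, user)."""

    def __init__(self, threshold=3, window=timedelta(seconds=60)):
        self.threshold = threshold
        self.window = window
        # Sliding window of failure timestamps, keyed by (src, user).
        self.failures = defaultdict(deque)

    def process(self, ev):
        """Feed one event; return an alert dict when the rule fires, else None."""
        key = (ev["src"], ev["user"])
        q = self.failures[key]
        # Expire failures that are older than the window relative to this event.
        while q and ev["ts"] - q[0] > self.window:
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
            return None
        # Accepted login: fire only if enough recent failures preceded it.
        alert = None
        if len(q) >= self.threshold:
            alert = {
                "rule": "brute_force_then_success",
                "user": ev["user"],
                "src": ev["src"],
                "failures": len(q),
                "success_at": ev["ts"].isoformat(),
            }
        q.clear()  # a success resets the counter whether or not we alerted
        return alert


def correlate(lines, rule=None):
    """Run a rule over an iterable of log lines (historical replay mode).

    For streaming, keep one rule instance and call rule.process() per event.
    """
    rule = rule or BruteForceThenSuccessRule()
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable or unrelated line
        alert = rule.process(ev)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_LOGS.splitlines()):
        print(a)
```

Run against the sample, only alice triggers the rule: three failures within 14 seconds and then a success from the same address. bob's single failure is 15 minutes before his success, so it has aged out of the 60-second window by the time the success arrives, which is the kind of time-bounded join that distinguishes correlation from a plain search over individual events.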
