SIEM/SOC Integration
All our modules include a feature that injects informational headers into each request (X-DataDome-isbot, X-DataDome-botname, X-DataDome-botfamily and X-DataDome-captchapassed).
Once these headers are written to your web server's access log, SIEM/SOC tools can parse them as fields.
Below are example configurations for the most common SIEM/SOC tools.
Telegraf configuration (TIG use case, telegraf.conf):

[[inputs.logparser]]
  files = ["/path/to/access_log"]
  from_beginning = false
  [inputs.logparser.grok]
    # combined log format followed by the four DataDome header values
    patterns = ['%{COMBINED_LOG_FORMAT} %{WORD:x-DataDome-isbot} %{WORD:x-DataDome-botname} %{WORD:x-DataDome-botfamily} %{WORD:x-DataDome-captchapassed}']
    measurement = "access_log"
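As an added example (not DataDome's own code), the parsing that the grok pattern above performs, written in Python and run over constructed log lines, followed by the kind of bot summary a SOC dashboard panel would show. It assumes the four headers are logged in the order the pattern lists them and that their values contain no whitespace (the %{WORD} tokens).

```python
import re
from collections import Counter

# Regex equivalent of the grok pattern above: Apache combined log format followed by
# the four DataDome header values appended as whitespace-free tokens (%{WORD}).
LOG_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<auth>\S+) \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<bytes>\S+) '
    r'"(?P<referrer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<isbot>\S+) (?P<botname>\S+) (?P<botfamily>\S+) (?P<captchapassed>\S+)$'
)

# Constructed sample log (not real traffic); bot names and families are placeholders,
# and the last line is deliberately malformed to exercise the rejection path.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0 (X11; Linux x86_64)" 0 - - -
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /api/items HTTP/1.1" 403 152 "-" "python-requests/2.31" 1 scraper_xyz scraper 0
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "GET /login HTTP/1.1" 200 840 "-" "python-requests/2.31" 1 scraper_xyz scraper 1
192.0.2.44 - - [10/Oct/2023:13:55:39 +0000] "POST /checkout HTTP/1.1" 200 512 "https://example.test/cart" "Mozilla/5.0" 1 headless_chrome headless 0
this line is deliberately malformed
"""

def parse_line(line):
    """Return the named fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def parse_log(text):
    """Parse all lines; count lines that do not match instead of dropping them silently,
    because a silently broken log format is how a SIEM feed goes blind."""
    events, rejected = [], 0
    for line in text.splitlines():
        fields = parse_line(line)
        if fields is None:
            rejected += 1
        else:
            events.append(fields)
    return events, rejected

def bot_summary(events):
    """What a SOC dashboard panel would show: bot requests per family and how many
    of them came from a client that had already passed the captcha."""
    bots = [e for e in events if e["isbot"] == "1"]
    return {
        "bot_requests": len(bots),
        "by_family": dict(Counter(e["botfamily"] for e in bots)),
        "captcha_passed": sum(1 for e in bots if e["captchapassed"] == "1"),
    }
```

If a line stops matching after a log-format change, the rejected counter is the first thing to check before assuming the bot traffic went away.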
Filebeat configuration (ELK use case):

# You need to add the DataDome headers to the Elasticsearch output configuration: https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#_literal_headers_literal
# Module configuration (e.g. modules.d/<module>.yml); replace nameOfModule with your web server module
- module: nameOfModule
  access:
    enabled: true
    var.paths: ["/path/to/log/access.log"]
Datadog agent configuration:

# Example access log: https://www.datadoghq.com/blog/monitor-apache-web-server-datadog
# Example for adding custom headers: https://docs.datadoghq.com/agent/faq/dogstream/#writing-parsing-functions
logs:
  - type: file
    path: /var/log/apache2/access.log
    service: apache_gob_test
    source: apache
    sourcecategory: http_web_access
ELK use case
Once Filebeat is configured, you can use Kibana to check your data:
Discovery: (screenshot: Discover bot)
Creating your specific Kibana dashboard: (screenshot: Bot dashboard)
TIG use case
Once Telegraf is configured, you can use Grafana to create your dashboard.