Strengthen Your SIEM: Using Logstash to Connect ArcSight to the Elastic Stack

As many of our users know, the Elastic Stack helps provide real-time insights into your data at massive scale.

With the release of Logstash 5.1, you can easily connect any device that supports the CEF data format as a codec to the Elastic Stack via files, kafka or syslog. This session will provide a step-by-step guide of how to extend and complement your existing ArcSight deployment with the Elastic Stack. Topics covered will include how to ingest CEF logs to the Elastic Stack using Logstash, visualising dashboards in Kibana, proactively monitoring security data in Elasticsearch using X-Pack alerting features and applying machine learning to identify potential suspicious signatures.

Samir Bennacer

Support Engineer at Elastic, Technology passionate, with several years of experience working with SIEM solutions and big data technologies.

Nicholas Lim

Nicholas Lim is a Consulting Architect with Elastic. He is passionate and experienced in the information security space, where he has spent over 10 years of his career developing, consulting, and implementing security solutions. Nicholas is currently Elastic's only Asia-based Consultant and lives in Sydney, Australia.