With no shortage of new vendors, logs, and updated reporting and alerting formats, there’s bound to come a time when you need to convert a new stream into Elastic Common Schema to get the most out of your Elastic SIEM.
Join us for a one-hour deep dive into the clean, organized belly of the Elastic Common Schema. We’ll show you how to better understand the SIEM app and we’ll walk through converting new formats to the Elastic Common Schema — enabling all of your logs to work with the SIEM app.
- Review Elastic Common Schema (ECS) organization
- Understand how ECS relates to logs and event sources
- Review how the Elastic SIEM app leverages ECS
- Dive into the conversion process with a live integration of new logs
- Webinar slides
- Want to try it for yourself? Take some of these features for a spin with a free trial of our Elasticsearch Service
- Interested in contributing to ECS? Join in here!