Latest version
Describe the issue:
Hey all.
I am thinking of choosing OpenSearch as a platform for logs coming in from Zeek and Suricata.
So far I have Zeek and Suricata forwarding as JSON to Logstash; Logstash performs some filtering and then sends the logs to OpenSearch.
I want to also include threat intelligence but I cannot seem to find a neat and easy way to implement this.
I recently heard that OpenSearch has threat intelligence built in as a plugin within “Detectors”. However, upon setting up my detector, the “Threat Intelligence Feed” does not present itself as an option to be ticked.
Would someone be able to help me out?
Thanks!
(Cannot attach screenshots unfortunately)
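Added example, not code from the original post or from the OpenSearch, Logstash, Zeek or Suricata projects: a small indicator-matching step of the kind the post is asking for, applied to constructed Zeek (conn.log, dns.log) and Suricata (eve.json) JSON records against a constructed indicator list. The field names follow the JSON that Zeek and Suricata emit; the indicator values and the sample records are placeholders, and the `threat_intel` output field is an assumption chosen for this example.

```python
import ipaddress
import json

# Constructed indicator set (a stand-in for a real threat intelligence feed).
INDICATORS = {
    "ip": {"203.0.113.45", "198.51.100.7"},
    "domain": {"malicious.example"},
}

# Constructed sample records in the shape Zeek and Suricata emit as JSON.
# One deliberately malformed line shows that the enrichment skips bad input.
SAMPLE_LINES = [
    '{"ts": 1700000000.1, "uid": "C1", "id.orig_h": "10.0.0.5", "id.resp_h": "203.0.113.45", '
    '"id.resp_p": 443, "proto": "tcp", "_path": "conn"}',
    '{"ts": 1700000001.2, "uid": "C2", "id.orig_h": "10.0.0.6", "query": "malicious.example", "_path": "dns"}',
    '{"timestamp": "2023-11-14T22:13:22.000000+0000", "event_type": "alert", "src_ip": "10.0.0.7", '
    '"dest_ip": "192.0.2.10", "alert": {"signature": "constructed test signature"}}',
    '{"timestamp": "2023-11-14T22:13:23.000000+0000", "event_type": "dns", "src_ip": "10.0.0.8", '
    '"dest_ip": "10.0.0.53", "dns": {"rrname": "www.example.org"}}',
    'this line is not JSON',
]


def extract_observables(record):
    """Return (ips, domains) found in a Zeek or Suricata JSON record."""
    ips = set()
    domains = set()
    # Zeek conn/dns use id.orig_h / id.resp_h; Suricata eve uses src_ip / dest_ip.
    for key in ("id.orig_h", "id.resp_h", "src_ip", "dest_ip"):
        value = record.get(key)
        if isinstance(value, str):
            try:
                ipaddress.ip_address(value)  # ignore fields that are not valid IPs
            except ValueError:
                continue
            ips.add(value)
    # Zeek dns.log carries the name in "query"; Suricata eve dns uses dns.rrname.
    query = record.get("query")
    if isinstance(query, str):
        domains.add(query.lower().rstrip("."))
    dns = record.get("dns")
    if isinstance(dns, dict) and isinstance(dns.get("rrname"), str):
        domains.add(dns["rrname"].lower().rstrip("."))
    return ips, domains


def enrich(record, indicators=INDICATORS):
    """Copy the record and add a threat_intel field describing any indicator hits."""
    ips, domains = extract_observables(record)
    hits = []
    for ip in sorted(ips):
        if ip in indicators["ip"]:
            hits.append({"type": "ip", "value": ip})
    for domain in sorted(domains):
        # Match the name itself and each parent suffix (but never the bare TLD),
        # so a lookup for sub.malicious.example also hits an indicator for malicious.example.
        labels = domain.split(".")
        for i in range(len(labels) - 1):
            candidate = ".".join(labels[i:])
            if candidate in indicators["domain"]:
                hits.append({"type": "domain", "value": domain, "matched": candidate})
                break
    enriched = dict(record)
    enriched["threat_intel"] = {"matched": bool(hits), "hits": hits}
    return enriched


def enrich_lines(lines, indicators=INDICATORS):
    """Enrich a sequence of JSON lines; malformed lines are skipped, not fatal."""
    results = []
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        results.append(enrich(record, indicators))
    return results


if __name__ == "__main__":
    for item in enrich_lines(SAMPLE_LINES):
        print(json.dumps(item["threat_intel"]))
```

The matching itself is the same whether it lives in a Logstash filter stage or in a plugin on the OpenSearch side: normalise the observables out of each record, look them up against the indicator set, and tag the document so a detector or dashboard query can select on the tag.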