ELK : exporting to CSV

Note: the following requires the "jq" JSON parser, available from: http://stedolan.github.io/jq/

1. Run the desired query through the Kibana WebUI
2. Expand the additional options pane by clicking on the arrow underneath the graph, as indicated in the screenshot below:
3. Select "Request" and copy the request displayed:
4. Open a Linux terminal and use the …

Continue reading ELK : exporting to CSV

AlienVault: Monitoring individual sensor Events Per Second [EPS]

In a distributed AlienVault environment, it is important to be able to monitor each individual sensor's output. In our case, the requirements were to:

- Monitor each sensor's generated events over a configurable interval
- If the number of events generated by a sensor falls below a configured threshold, notify the user via email

There are several …

Continue reading AlienVault: Monitoring individual sensor Events Per Second [EPS]