This document provides a general overview of the integration between Logstash and the NetWitness Platform. The intention is to give enough implementation detail that users can feel comfortable using and troubleshooting these integrations on their own.
To describe Logstash, here is some introductory text from the Logstash reference documentation:
Logstash is an open source data collection engine with real-time pipelining capabilities. Logstash can dynamically unify data from disparate sources and normalize the data into destinations of your choice…
From a NetWitness Platform standpoint, there are two basic use cases:
- For customers that have an event source for which RSA NetWitness Platform does not already provide an integration, or who want a customized integration that differs from the one RSA provides.
- For customers that already have an existing Logstash configuration, you can use Logstash to integrate as many of your event sources as you like. Integrating your event sources should be a matter of updating the destination for where you currently send the log information: either adding NetWitness Platform as a destination, or changing your current output destination to NetWitness.
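As an added illustration of the second use case (not part of the original document, and not RSA's or Elastic's own code), here is a Logstash pipeline that keeps an existing destination in place and adds a NetWitness Log Decoder as a second output. The input file path, the Elasticsearch destination, the decoder hostname and port, and the syslog-style line format are all assumptions: the text above does not state which output plugin or transport NetWitness expects, so this example uses the stock `tcp` output with a `line` codec.

```conf
# Added example (not from the original document or from RSA/Elastic):
# keep an existing destination and add a NetWitness Log Decoder as a
# second output. Hostnames, ports, paths and the line format are assumptions.
input {
  file {
    path => "/var/log/myapp/*.log"     # assumed path of the custom event source
    start_position => "beginning"
  }
}

filter {
  # Tag every event with its origin so it can be told apart on the NetWitness side.
  mutate {
    add_field => { "source_app" => "myapp" }
  }
}

output {
  # Existing destination stays as it was (assumed to be Elasticsearch here).
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "myapp-%{+YYYY.MM.dd}"
  }

  # Added destination: forward the same events to the NetWitness Log Decoder.
  # <14> is syslog priority user.info; the decoder address is a placeholder.
  tcp {
    host  => "log-decoder.example.internal"
    port  => 514
    codec => line {
      format => "<14>%{@timestamp} %{source_app}: %{message}"
    }
  }
}
```

To change the destination rather than add one, delete the `elasticsearch` block so the `tcp` output is the only one left. Before reloading Logstash, `bin/logstash -f pipeline.conf --config.test_and_exit` checks the syntax without starting the pipeline.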
The following diagram shows how Logstash integrates with the NetWitness Platform.