Delaware, USA – September 4, 2019 – SOC Prime, Inc. announces the release of Premium Log Source Pack for Elastic Common Schema (ECS) that provides essential log telemetry across all 12 Tactics of MITRE ATT&CK. ECS is a specification that facilitates the analysis of data from diverse sources and provides a consistent and customizable way to structure data in Elasticsearch. It helps security teams to apply analytics content widelier, create precise searches, and use custom field names. ECS Premium Log Source Pack allows covering various most popular log sources of on-premise and cloud platforms commonly used worldwide in enterprise and smaller companies. It contains config files for logstash and API pulling scripts that enable smooth and fast integration of 52 log sources with the Elastic platform. Events are normalized to ECS to provide a structured and high quality data usable for threat hunting, real-time cross-device correlation, and detection of 149 ATT&CK Techniques.
ECS Premium Log Source Pack allows to directly save from 52 to 260 man/days on data integration and parser development when deploying Elastic stack for your company. This package is a premium add-on and can be purchased separately with any Threat Detection Marketplace subscription.
The list of supported log sources is available on the Integrations page: https://my.socprime.com/en/integrations/esc-premium-log-source-pack
For individual log source support please contact [email protected] or schedule a session with SOC Prime sales: [email protected].