DEV Community

Mark0


Make The Most of Network Firewall Logs with Elastic Security

This article introduces the fundamentals of using network firewall logs within Elastic Security. It highlights the role of firewalls as critical security controls that provide visibility into both north-south (perimeter) and east-west (internal) traffic, which is essential for detecting lateral movement as well as external threats.

The guide details the specific data fields found in firewall logs, such as source/destination IPs, ports, and application identification, and how they map to the Elastic Common Schema (ECS). It also outlines the process for ingesting this data with the Elastic Agent and exploring it through the interactive Network page to identify anomalies and establish traffic baselines.
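To make the field mapping and the baseline idea concrete, here is a small added example (not code from the original article or from Elastic): it parses constructed firewall log lines in a generic key=value format, renames the fields to their ECS counterparts (`source.ip`, `destination.port`, `network.transport`, and so on), derives `network.direction` so that east-west traffic (`internal`) can be told apart from north-south traffic (`inbound`/`outbound`), and then flags connections whose direction/port pair never appeared during a baseline window. The log format, the sample lines and the use of RFC 1918 ranges as "internal" address space are all assumptions made for the example.

```python
"""Map constructed firewall log lines to ECS-style field names, derive
network.direction, and flag deviations from a simple traffic baseline."""
import ipaddress
from collections import Counter

# Constructed sample log lines in a generic key=value firewall format
# (not the output of any particular firewall product).
SAMPLE_LOGS = [
    "ts=2024-05-01T10:00:01Z action=allow proto=tcp src=10.0.1.15 spt=51234 dst=10.0.2.40 dpt=445 app=smb",
    "ts=2024-05-01T10:00:02Z action=allow proto=tcp src=10.0.1.15 spt=51235 dst=203.0.113.9 dpt=443 app=ssl",
    "ts=2024-05-01T10:00:03Z action=deny proto=tcp src=198.51.100.7 spt=40000 dst=10.0.2.40 dpt=22 app=ssh",
    "ts=2024-05-01T10:00:04Z action=allow proto=udp src=10.0.1.15 spt=51236 dst=10.0.0.2 dpt=53 app=dns",
]

# Assumption: "internal" address space is RFC 1918; replace with the site's own ranges.
INTERNAL_NETS = [
    ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_internal(ip):
    """True if the address falls inside one of the configured internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_kv(line):
    """Split a 'key=value key=value' line into a dict of raw firewall fields."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def classify_direction(src, dst):
    """Derive ECS network.direction: internal (east-west), inbound/outbound
    (north-south), or external (neither side is ours)."""
    src_in, dst_in = is_internal(src), is_internal(dst)
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    return "external"


def to_ecs(line):
    """Rename the raw firewall fields to their ECS field names."""
    raw = parse_kv(line)
    return {
        "@timestamp": raw["ts"],
        "event.action": raw["action"],
        "network.transport": raw["proto"],
        "network.protocol": raw.get("app"),
        "source.ip": raw["src"],
        "source.port": int(raw["spt"]),
        "destination.ip": raw["dst"],
        "destination.port": int(raw["dpt"]),
        "network.direction": classify_direction(raw["src"], raw["dst"]),
    }


def build_baseline(events):
    """Baseline = count of (network.direction, destination.port) pairs seen
    during a window the analyst considers representative."""
    return Counter((e["network.direction"], e["destination.port"]) for e in events)


def find_anomalies(events, baseline):
    """Return events whose (direction, destination port) pair is absent from the baseline."""
    return [
        e for e in events
        if (e["network.direction"], e["destination.port"]) not in baseline
    ]


if __name__ == "__main__":
    events = [to_ecs(line) for line in SAMPLE_LOGS]
    # Treat the first two lines as the known-good window, the rest as new traffic.
    baseline = build_baseline(events[:2])
    for anomaly in find_anomalies(events[2:], baseline):
        print(
            f"{anomaly['@timestamp']} {anomaly['network.direction']:8} "
            f"{anomaly['source.ip']} -> {anomaly['destination.ip']}:{anomaly['destination.port']} "
            f"({anomaly['event.action']})"
        )
```

In practice the baseline window would be built from days of ingested data rather than two lines, and the anomaly list is a starting point for a hunt on the Network page rather than an alert by itself; the useful part is that once fields are in ECS names, the same direction/port logic works regardless of which firewall produced the line.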

