I am a newbie to RockNSM and have managed to get it installed on VMware Workstation to review it as a possible SIEM/LEM instead of a commercial offering, which also appears to use Kibana as the frontend. So far it looks great and loads very quickly!
But I’m wondering whether RockNSM could also be used for log collection from syslog and Windows Event Forwarding by using Logstash, as well as having the ability to generate reports from the dashboards or visualisations and save them for auditing, etc.?
I’m also new to the ELK stack, so apologies if this is an obvious question.
Out of my own curiosity, I’ve looked roughly into how RockNSM works, and it looks like there are “plugins” used for the Suricata, Bro and FSF parts; I wonder whether something similar would also need to be created to add the additional features?
This is really to have a central management console to review information from the whole network: on top of “tapping” the network, also having information sent directly to the RockNSM servers (such as firewall syslog, etc.).
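For readers with the same question, here is an added example of the kind of Logstash pipeline that would take firewall syslog and Winlogbeat-shipped Windows events into Elasticsearch. It is not code from the original post or from the RockNSM project, and it makes the following assumptions, which you should check against your own install: Logstash picks up pipeline files from /etc/logstash/conf.d/, Elasticsearch listens on localhost:9200, the listening ports 5514 and 5044 are allowed through the host firewall, and (for the filter) the syslog input exposes the sender address in the `host` field, as it does in older Logstash versions without ECS mode. The sender addresses in the allow-list are placeholders.

```conf
# Added example (not from the original post or the RockNSM project):
# a stand-alone Logstash pipeline that accepts syslog from firewalls and
# Windows events shipped by Winlogbeat, then indexes them in Elasticsearch.
# Assumed file location: /etc/logstash/conf.d/50-syslog-winlogbeat.conf

input {
  # RFC 3164 syslog over UDP and TCP on the same port. 5514 is used rather
  # than 514 so Logstash does not need root privileges to bind the port.
  syslog {
    port => 5514
    tags => ["syslog"]
  }

  # Windows events forwarded by Winlogbeat (from a Windows Event Forwarding
  # collector or from individual hosts) over the Beats protocol.
  beats {
    port => 5044
    tags => ["winlogbeat"]
  }
}

filter {
  # Security check: syslog is unauthenticated, so anything arriving from an
  # address that is not a known firewall is tagged for review instead of
  # being silently trusted. The addresses below are placeholders.
  # The field holding the sender is assumed to be [host] (pre-ECS Logstash).
  if "syslog" in [tags] {
    if [host] not in ["192.0.2.1", "192.0.2.2"] {
      mutate { add_tag => ["unexpected_syslog_source"] }
    }
  }
}

output {
  # Separate daily indices keep the two sources easy to search, retain and
  # report on independently in Kibana.
  if "syslog" in [tags] {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "syslog-%{+YYYY.MM.dd}"
    }
  } else if "winlogbeat" in [tags] {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "winlogbeat-%{+YYYY.MM.dd}"
    }
  }
}
```

Two things worth checking before relying on this: first, which network interface the sensor's Logstash is allowed to listen on (a sensor's capture interface is normally kept without an address, so the collector ports must be on the management interface), and second, that the host firewall actually permits 5514/udp, 5514/tcp and 5044/tcp from the sending devices. On the Windows side, Winlogbeat would point its `output.logstash` at this host on port 5044.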