- This plugin was created and is maintained by a partner.
- Change log
For plugins not bundled by default, it is easy to install by running `bin/logstash-plugin install logstash-filter-threats_classifier`. See Working with plugins for more details.
This plugin uses the cyber-kill-chain and MITRE representation language to enrich security logs with information about the attacker’s intent—what the attacker is trying to achieve, who they are targeting, and how they plan to carry out the attack.
Documentation for the filter-threats_classifier plugin is maintained by the creators.
This is a third-party plugin. For bugs or feature requests, open an issue in the plugins-filters-threats_classifier GitHub repo.