Tags: elasticsearch, alarm, filebeat, elk

How to test threat intel filebeat module rule in ELK


I have an ELK server and a Windows client that sends Threat Intel logs to ELK using Filebeat.

The log enrichment is done by MISP (the integration between ELK and MISP follows THIS LINK).

And the logs are OK.

I want to test this enrichment with threat intel rules in Kibana and see some alarms.

How can I test this?


Solution

  • And I solved it.

    There was a misconfiguration.

    Threat intel was not enabled!

    Only the enrichment configuration was working.
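The check a practitioner would want before hunting for alarms in Kibana is whether the Filebeat threatintel module is actually switched on, since a MISP enrichment pipeline can run while the module that ingests the indicators never does. The script below is an added example, not code from the original post or from Elastic; it assumes the standard Filebeat layout (a never-enabled module is stored as `modules.d/threatintel.yml.disabled`, `filebeat modules enable threatintel` renames it to `threatintel.yml`, and each fileset inside stays off unless it carries `enabled: true`). The MISP URL, token and the `write_misp_config` helper are constructed placeholders for the demo.

```shell
#!/usr/bin/env bash
# Added diagnostic, not part of the original post. Tells whether the Filebeat
# threatintel module is really switched on for a given modules.d directory.
#
# Assumptions (standard Filebeat layout): a module that has never been enabled
# lives as modules.d/threatintel.yml.disabled; `filebeat modules enable
# threatintel` renames it to threatintel.yml; inside that file every fileset
# (misp, otx, abuseurl, ...) stays off unless it carries `enabled: true`.

# Exit status: 0 = module active and at least one fileset enabled,
#              1 = module file still *.disabled or missing,
#              2 = module file active but every fileset still `enabled: false`.
threatintel_state() {
  local modules_d="$1"
  local yml="$modules_d/threatintel.yml"
  if [ ! -f "$yml" ]; then
    if [ -f "$yml.disabled" ]; then
      echo "threatintel.yml.disabled found: run 'filebeat modules enable threatintel'"
    else
      echo "no threatintel module file in $modules_d"
    fi
    return 1
  fi
  # A fileset is on only when an uncommented `enabled: true` line is present.
  if grep -Eq '^[[:space:]]*enabled:[[:space:]]*true[[:space:]]*$' "$yml"; then
    echo "threatintel module enabled: $(grep -Ec '^[[:space:]]*enabled:[[:space:]]*true' "$yml") fileset(s) on"
    return 0
  fi
  echo "threatintel.yml is active but no fileset has 'enabled: true'"
  return 2
}

# Writes a constructed threatintel.yml (MISP fileset only) into $1 with the
# fileset flag set to $2 (true/false). SERVER and the token are placeholders.
write_misp_config() {
  local dir="$1" flag="$2"
  mkdir -p "$dir"
  cat > "$dir/threatintel.yml" <<EOF
- module: threatintel
  misp:
    enabled: $flag
    var.input: httpjson
    var.url: https://SERVER/events/restSearch   # placeholder MISP URL
    var.api_token: REPLACE_WITH_MISP_TOKEN
    var.interval: 5m
EOF
}

# Demo over three constructed modules.d directories: never enabled, module
# file present but the fileset left at the default `enabled: false` (config
# present, module not really on), and fully enabled.
demo() {
  local tmp d rc
  tmp="$(mktemp -d)"
  write_misp_config "$tmp/never_enabled" false
  mv "$tmp/never_enabled/threatintel.yml" "$tmp/never_enabled/threatintel.yml.disabled"
  write_misp_config "$tmp/fileset_off" false
  write_misp_config "$tmp/fixed" true
  for d in never_enabled fileset_off fixed; do
    rc=0
    threatintel_state "$tmp/$d" || rc=$?
    echo "$d -> status $rc"
  done
  rm -rf "$tmp"
}
demo
```

Run `threatintel_state /etc/filebeat/modules.d` on the Windows client's equivalent path; only status 0 means indicator documents can reach the stack. After fixing the file, `filebeat test config` validates the YAML and `filebeat setup` loads the module's ingest pipeline, and in Kibana Discover a search for `event.module: threatintel` should return documents before any indicator-match rule is expected to raise alarms.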