SIEM Pipeline 1.md

gistfile1.txt

| Component             | Description                                                                                                                                                       |
|-----------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Sources (Windowsdevices, Syslog, Linux , network devices, apps              | Various data sources such as network devices, servers, applications, etc., send log data.                                                                          |
| Logstash (1st Instance)| Collects and processes the raw log data from various sources and outputs it to Redis for buffering.                                                                |
| Redis                 | Acts as a buffering layer to handle high-throughput log data efficiently and ensure data persistence in case of Logstash or Elasticsearch downtimes.              |
| Logstash (2nd Instance)| Pulls data from Redis, performs any additional processing or enrichment, and forwards the data to Elasticsearch.                                                   |
| Elasticsearch         | Stores the processed log data and provides powerful search and analysis capabilities.                                                                             |
| Kibana                | Front-end visualization tool for Elasticsearch, allowing users to interact with and analyze the data.                                                             |