Rules and alerts with ElastAlert 2
As the previous post said, the party begins here. I'm going to show you some things I think you'll like, which let you get real value out of your logs and evolve our SIEM into a SOC: very interesting topics. First up is ElastAlert 2, an open-source tool that lets us generate rule-based alerts from data stored in Elasticsearch.
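To show what a rule-based alert looks like in practice, here is an ElastAlert 2 rule I've added as an example (it is not from the original post or the project's own examples). It assumes an index pattern `auth-logs-*` with ECS-style fields `event.category`, `event.outcome` and `source.ip`, and that `config.yaml` already points at your Elasticsearch cluster.

```yaml
# Example ElastAlert 2 rule: flag a burst of failed logins from a single source IP.
# Assumptions (adjust to your own mapping): index pattern "auth-logs-*",
# ECS-style fields "event.category", "event.outcome" and "source.ip".
name: Many failed logins from one source IP
type: frequency
index: auth-logs-*

# Fire when 10 or more matching documents arrive within 5 minutes...
num_events: 10
timeframe:
  minutes: 5

# ...counted separately for each source address.
query_key: source.ip

# Which documents count as a "failed login".
filter:
  - query:
      query_string:
        query: "event.category:authentication AND event.outcome:failure"

# Do not alert again on the same source.ip for an hour.
realert:
  hours: 1

alert_subject: "Possible brute force against logins from {0}"
alert_subject_args:
  - source.ip

alert_text: "Source {0} produced 10 or more failed logins within 5 minutes."
alert_text_args:
  - source.ip

# "debug" writes the alert to the ElastAlert 2 log; replace with email, slack,
# or another alerter once the rule is tuned.
alert:
  - debug
```

Run it once with `elastalert-test-rule <rule file>` against historical data before enabling it, so the `num_events`/`timeframe` thresholds are tuned to your environment's normal failure rate.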