Elasticsearch 7.x compatibility with ICDx

book

Article ID: 184821

calendar_today

Updated On:

Products

ICDx

Issue/Introduction

There is no information in the Integrated Cyber Defense Exchange (ICDx) manual for 1.3.1 or earlier that says that Elasticsearch (ELK stack) 7.x is compatible.

Environment

ICDx 1.3.1 or later
Elasticsearch 7.x (either fresh or migrated install)

Resolution

[Information valid as of 23 December, 2019]

Refer to the documentation here for the latest configuration for Elasticsearch and ICDx:

https://www.symantec.com/connect/sites/default/files/SOC%20Investigator%20App%20for%20Elastic%20Stack%20Installation%20and%20Configuration%20Guide%20-%20September%202019%20v1.pdf

Feedback

thumb_up Yes

thumb_down No