u/Dangerous-Local9126

Hello all,

I am new to Elastic; I have experience in CrowdStrike Next-Gen SIEM/LogScale and Microsoft Defender.

I feel a bit lost when I access the Elastic portal, and it's not easy for me to navigate.

My main goal is to be able to query the logs using the new ES|QL, since it feels familiar, and to create dashboards showing system metrics.

I am looking for advice on where I should start, what I should avoid, and the best learning resources.

u/Dangerous-Local9126 — 15 days ago
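A starting point for the ES|QL goal in the post above, as an added example that is not part of the original post and not from Elastic's documentation: one query that turns raw host CPU metrics into an hourly per-host summary suitable for a dashboard panel. The index pattern `metrics-system.cpu-*` and the field `system.cpu.total.norm.pct` are assumed to come from the Elastic Agent system integration; adjust them to whatever your data view actually contains.

```esql
// Assumed index pattern and field names from the Elastic Agent system integration.
FROM metrics-system.cpu-*
// Restrict to the last day before aggregating; filtering first keeps the STATS step cheap.
| WHERE @timestamp > NOW() - 1 day
// Round each document's timestamp down to the hour to get a time bucket.
| EVAL hour = DATE_TRUNC(1 hour, @timestamp)
// Average and peak normalised CPU (0..1) per host per hour.
| STATS avg_cpu = AVG(system.cpu.total.norm.pct),
        max_cpu = MAX(system.cpu.total.norm.pct),
        samples = COUNT(*)
  BY hour, host.name
// A second WHERE after STATS filters on the aggregated values, not the raw docs.
| WHERE max_cpu > 0.9
| SORT hour DESC, max_cpu DESC
| LIMIT 50
```

The same FROM / WHERE / EVAL / STATS ... BY / SORT / LIMIT pipeline works against log indices (swap the index pattern and aggregate on fields such as `event.action` or `source.ip`), which is why it is worth learning the command order first. In Kibana, Discover can run ES|QL directly (switch the query bar to ES|QL mode), and the resulting table or chart can be saved to a dashboard from there.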

How do you deal with a CTO acting as gatekeeper, citing concerns that log forwarding might "inadvertently affect staff and operations" and asking for a BRD + SDD and a project plan for a simple onboarding of logs to the SIEM?

This is the first time I have dealt with this type of situation, where the CTO is a micromanager who wants to be part of any task assigned to his specialist team.

Note that we have an approved and actively contracted Managed SOC service. The vendor is ready to go. The onboarding work is straightforward: standard, read-only, API-based log integrations for cloud identity and collaboration platforms into a SIEM. No agents, no production changes, nothing disruptive.

u/Dangerous-Local9126 — 19 days ago