SOC-OpenSource
Issue with creating the workflow in Shuffle
Hi Team,
I am a student and am trying to set up the SOC system using open source tools as per the tutorial provided.
I am facing a challenge in adding the fields in Shuffle which I want to see in the various trigger apps. For example, if I am configuring that when an alert is triggered a message should be posted in the SIEM solution. However, I am unable to understand how you got the field name. I read the comments and I see you mentioned something about parsing with mustache format, which I did not understand. Nor was I able to locate the video for parsing the logs.
I have set up Elasticsearch, Kibana and Fleet. I have also loaded the default rules. Please guide me on what I should select for getting information like rule name and number of alerts etc. Also, do I need to parse the logs, and if yes, then how do I do it?
Please help as soon as you can.
Regards,