Pasing logs received from another SieM
I'm a beginner in the arcsight solution.
I'm looking a method to parse all logs (DB, WEB, ...) arriving from another SIEM (ELK) in syslog format.
I cannot install arcsight agent in source machines directly.
My question is: Is-it possible to install one arcsight agent in a machine who receive raw events from ELK but with different parser (for apache, mysql ....) before sending result to arcsight logger?
Thank you for your return.