I am using Elastic Stack SIEM and I want to know if there is a solution to interact with my firewall. After the SIEM detects a port scanner, I want it to automatically add a rule in my firewall and block that IP address.
Thanks for your answers.
If you have licences, you can use alerts for this. Alerts allow you to call a web service on detection.
You can then call your firewall, or call a microservice to call your firewall or update your blacklist.
You can see the reference here: https://www.elastic.co/guide/en/elasticsearch/reference/current/actions-webhook.html
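
A sketch of the microservice mentioned in the answer above, added here as an example and not part of the original thread: it authenticates the webhook call with a shared token and refuses to block allowlisted or non-routable addresses before appending to a blocklist file. The `source_ip` field, the `X-Auth-Token` header, the port, the allowlist and the file path are assumptions; the webhook body and headers are whatever the alert action is configured to send.

```python
import hmac
import ipaddress
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

SHARED_TOKEN = "change-me"        # assumption: same secret set as a header in the webhook action
BLOCKLIST_PATH = "blocklist.txt"  # hypothetical file that the firewall imports
# Constructed allowlist: ranges that must never be blocked automatically.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]


def decide(body: bytes, token: str):
    """Return (http_status, ip_or_reason) for one webhook call."""
    if not hmac.compare_digest(token.encode(), SHARED_TOKEN.encode()):
        return 403, "bad token"
    try:
        # "source_ip" is an assumed field name in the webhook body.
        ip = ipaddress.ip_address(str(json.loads(body)["source_ip"]))
    except (ValueError, KeyError, TypeError):
        return 400, "invalid payload"
    if ip.is_loopback or ip.is_multicast or ip.is_unspecified:
        return 422, "non-routable address"
    if any(ip in net for net in NEVER_BLOCK):
        return 422, "allowlisted address"
    return 200, str(ip)


class Hook(BaseHTTPRequestHandler):
    def do_POST(self):
        # Cap the body size so a bad caller cannot make the service read unbounded input.
        length = min(int(self.headers.get("Content-Length") or 0), 4096)
        status, detail = decide(self.rfile.read(length), self.headers.get("X-Auth-Token") or "")
        if status == 200:
            with open(BLOCKLIST_PATH, "a") as fh:
                fh.write(detail + "\n")
        self.send_response(status)
        self.end_headers()
        self.wfile.write(detail.encode())


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Hook).serve_forever()
```

The allowlist matters because the source address of a scan can be spoofed, so an unchecked automatic block can be turned against your own gateways or monitoring hosts.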