Elastic SIEM MIP-Connector

The script can be used to extract security-relevant events of mandatory categories according to § 4 para. 3 BSIG from a SIEM based on an Elastic Stack and transmit them automatically via the API of the Reporting and Information Portal of the BSI.
The script operates as follows:

1. Data Extraction from the SIEM: The script retrieves data from a SIEM/SOC based on an Elastic Stack. It utilizes specific filters for the Elastic Count API obtained from a configuration file.
2. Data Processing and Preparation: The data extracted from the Elastic Stack is stored in a memory table for later transmission to the reporting and information portal. This step also includes checking whether the detail information to be transmitted exceeds the maximum length.
3. Authentication and Retrieval of Bearer Token: The script authenticates itself with the MIP-API of the BSI using the username and password from the configuration file. It then retrieves a bearer token for further communication with the API.
4. Data Transmission to the MIP-API: Once the data is prepared and the bearer token is obtained, the script sends the mandatory data to the MIP-API of the BSI. It monitors the success of the transmission and logs relevant events accordingly.