Skip to main content

Winlogbeat

Winlogbeat

Description

Winlogbeat is an agent conceived by Elastic in order to transfer Windows Events logs.

Configuration

Warning

Target OS: Windows

Winlogbeat is configured by default according to the documentation. In addition, the Powershell's transcripts are logged. Finally, the event logs retrieved are :

  • Application

  • System

  • Security

  • Microsoft-Windows-Sysmon/Operational

  • Microsoft-Windows-PowerShell/Operational with event ids:

    • 4103
    • 4104
    • 4105
    • 4106

How to enable

You only need to click on the Add button to deploy Winlogbeat.

Usage

You need to activate a SIEM in order to check Logstash logs.

Last update:
Contributors: Frédéric Guihery
Copyright © 2024 AMOSSYS