Just installed the first Aufitbeat agent to a Windows server and as this is a Windows Core server access is really only via ssh. Has anyone played with this setup? Auditbeat is reporting, but I'm not seeing sshd login being reported to Elasticsearch.
I'm not sure how to configure Auditbeat on Windows Server to ensure that sshd events are logged.