Hi,
Please help me to achieve the following condition.
If (SourceIP of (Winlogbeat – Login as Admin AND Winlogbeat Privilege Escalation) = Same SourceIP - say X)
AND (Output of the Denied or Allowed Outbound Malicious Traffic Source IP = X)
Then index the matching documents to a new account index.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.