Hi,
We are being tasked with pushing event logs for file access to Kibana:
Winlogbeat > Logstash > ES/Kibana
I will filter it down to specific Event IDs in the winlog YML file and then let it run for 30 days to collate enough information for us to go by.
The query I have now is, how can I set up a relevant dashboard that can show me the below scenarios:
Shares/Paths
Some chart or filtered list to show this, and then when you go into it, it can filter through what account has attempted access for read/write, etc.
Access denied
A chart to show all access attempts to shares and what account attempted access
Access approved
A chart to show successful access to a share
Then something similar for permissions and the file access, for read/write
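
As an added example (not part of the original post): a Python sketch of the grouping such a dashboard would perform, counting share access per share, account, outcome and read/write kind. It assumes event IDs 5140 and 5145 (the post names none), Winlogbeat's `winlog.event_data.*` and `winlog.keywords` field layout, and constructed sample events.

```python
from collections import Counter

# Standard Windows file access-right bits carried in the AccessMask field.
READ_BITS = 0x1          # ReadData / ListDirectory
WRITE_BITS = 0x2 | 0x4   # WriteData / AppendData
# Assumption: share-access events 5140 and 5145; the post does not name its IDs.
SHARE_EVENT_IDS = {5140, 5145}

def access_kind(mask_hex):
    """Map an AccessMask string such as '0x3' to read, write, read+write or other."""
    mask = int(mask_hex, 16)
    kinds = [name for name, bits in (("read", READ_BITS), ("write", WRITE_BITS)) if mask & bits]
    return "+".join(kinds) or "other"

def outcome(event):
    """An Audit Failure keyword means denied; anything else counts as approved."""
    return "denied" if "Audit Failure" in event["winlog"].get("keywords", []) else "approved"

def summarize(events):
    """Count events per (share, account, outcome, access kind), the drill-down keys."""
    counts = Counter()
    for ev in events:
        if int(ev["winlog"]["event_id"]) not in SHARE_EVENT_IDS:
            continue  # unrelated Security events are ignored
        data = ev["winlog"]["event_data"]
        key = (data["ShareName"], data["SubjectUserName"], outcome(ev), access_kind(data["AccessMask"]))
        counts[key] += 1
    return counts

def _ev(event_id, keyword, **data):
    """Build one constructed event in Winlogbeat's JSON shape."""
    return {"winlog": {"event_id": event_id, "keywords": [keyword], "event_data": data}}

# Constructed sample events (not real log data); share and account names are made up.
SAMPLE = [
    _ev(5145, "Audit Success", ShareName=r"\\*\Finance", SubjectUserName="alice", AccessMask="0x1"),
    _ev(5145, "Audit Failure", ShareName=r"\\*\Finance", SubjectUserName="bob", AccessMask="0x2"),
    _ev(5145, "Audit Failure", ShareName=r"\\*\Finance", SubjectUserName="bob", AccessMask="0x2"),
    _ev(5140, "Audit Success", ShareName=r"\\*\HR", SubjectUserName="alice", AccessMask="0x1"),
    _ev(5145, "Audit Success", ShareName=r"\\*\HR", SubjectUserName="carol", AccessMask="0x3"),
    _ev("4624", "Audit Success", TargetUserName="alice"),
]

if __name__ == "__main__":
    for (share, user, result, kind), n in sorted(summarize(SAMPLE).items()):
        print(f"{share:14} {user:6} {result:9} {kind:10} {n}")
```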