Dashboard for file access logs

Hi,
We are being tasked with pushing event logs for file access to Kibana:
Winlogbeat > Logstash > ES/Kibana

I will filter it down to specific Event IDs in the winlog YML file and then let it run for 30 days to collate enough information for us to go by.

The query I have now is, how can I set up a relevant dashboard that can show me the below scenarios:

Shares/Paths
Some chart or filtered list to show this, and then when you go into it, it can filter through what account has attempted access for read/write, etc.

Access denied
A chart to show all access attempts to shares and what account attempted access

Access approved
A chart to show successful access to a share

Then something similar for permissions and the file access, for read/write
