We are being tasked with pushing event logs for file access to Kibana:
Winlogbeat > Logstash > ES/Kibana
I will filter it down to specific Event IDs in the winlog YML file and then let it run for 30 days to collate enough information for us to go by.
The query I have now is, how can I set up a relevant dashboard that can show me the below scenarios:
Some chart or filtered list to show this, and then when you go into it, it can filter through what account has attempted access for read/write, etc.
A chart to show all access attempts to shares and what account attempted access
A chart to show successful access to a share
Then something similar for permissions and the file access, for read/write