We are forwarding system network event logs generated by Sysmon via Winlogbeat and were attempting to drop internal traffic events using private IP ranges.
It seems the yml config does not support wildcards, hence we cannot use <10.*>.
Is there another way in Winlogbeat to accomplish this?
Sysmon conditional grouping rules are another issue, hence we are unable to do that.
Thank you in advance!
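
Added example, not part of the original post: Beats processors accept a `network` condition that matches a field against CIDR blocks or named ranges such as `private`, which covers the case the wildcard was meant for. The field names below assume the raw Sysmon network connection fields as Winlogbeat ships them under `winlog.event_data`; if the events are already ECS-mapped when the processor runs, the fields would be `source.ip` and `destination.ip` instead.

```yaml
# Added example (not from the original post).
# Assumption: Sysmon network connection events reach the processor with the
# raw fields winlog.event_data.SourceIp and winlog.event_data.DestinationIp.
winlogbeat.event_logs:
  - name: Microsoft-Windows-Sysmon/Operational

processors:
  - drop_event:
      when:
        and:
          # "private" covers 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and fd00::/8;
          # "loopback" covers 127.0.0.0/8 and ::1.
          - network:
              winlog.event_data.SourceIp: [private, loopback]
          - network:
              winlog.event_data.DestinationIp: [private, loopback]
```

Because both sides must fall in a private or loopback range, only internal-to-internal connections are dropped; events with a public address on either side, and events that lack these fields, are still forwarded. Explicit CIDR strings such as `'10.0.0.0/8'` can be used in the same lists in place of the named ranges.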