I am working on getting elastic security setup. I am using a self-managed elastic stack. I have successfully added a fleet server and an elastic agent. The elastic agent is added to a Windows machine. The agent is sending data like it supposed to but there are some issues
It doesn't look like it is using Winlogbeat at all. I am trying to write some rules that are based off of some windows logs but it doesn't look like the elastic agent is collecting windows logs or winlogbeat data at all. Do I configure this somewhere? It seems to be getting filebeat and metricbeat stuff just fine
Any help with these issues is greatly appreciated.