Does the Elastic Security Windows Integration or the Endpoint Integration not have the ability to pull from the Security channel of Windows Event Logs?
I had to create a new Custom channel to pull in security events from my windows machines. This would be a nice option in the default Windows Integration to pull Security channel.
Add System integration it's oddly not Windows integration.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.