Event ID missing - winlogbeat

edvrfn · August 2, 2020, 8:21pm

I am interested in event-id 3 of sysmon and and i am not getting it in elasticsearch. There are other event IDs but not this one.

Blockquote
Network connection detected:
RuleName: -
UtcTime: 2020-08-02 19:46:15.226
ProcessGuid: {9a29744c-028e-5f27-2304-000000001100}
ProcessId: 4548
Image: C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe
User: E-PC\epc
Protocol: tcp
Initiated: true
SourceIsIpv6: false
SourceIp: 192.168.254.1
SourceHostname: host.docker.internal
SourcePort: 4835
SourcePortName: -
DestinationIsIpv6: false
DestinationIp: 23.65.246.253
DestinationHostname: a23-65-246-253.deploy.static.akamaitechnologies.com
DestinationPort: 443
DestinationPortName: https

system · August 30, 2020, 8:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.