[Filebeat CEF] Microsoft DNS Overview on Filebeat 7.12

numpty-boy · March 31, 2021, 9:43am

Hi Team,

I'm hoping one of you can get me out of this misery ...

I have packetbeat set up on my M$ DNS servers and is collecting some really helpful info.

My elasticSearch cluster is running separately and seems to be working fine.

My windows box can connect to it and is passing WinLogBeat info as well as the PacketBeat stuff I mentioned.

My problem is, I can't seem to get anything out of the FIleBeat "CEF Microsoft DNS Overview" dashboard. The dashboard is there, just no data.

I've set up filebeat on my windows box as described in the "Quick Setup" guide. Its trying to feed data directly to my ES cluster [no logstash].

My guess is that my data sources are messed up in the filebeat config on the windows box.

Cany anyone give me a clue what's missing?

Thanks

Chip.

andrewkroh · March 31, 2021, 2:25pm

That dashboard is part of the CEF module. It shows CEF data forwarded from ArcSight. So it's not applicable to the data you're collecting with Winlogbeat and Packetbeat. So you aren't missing anything from what I can tell. There are Packetbeat DNS dashboards and also a DNS table in the Security -> Network app in Kibana.

numpty-boy · April 1, 2021, 11:44am

That explains everything:)

Many thanks for that Andrew

Chip.

system · April 29, 2021, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.