Hi,
We are trying to send out all event logs from Windows servers to an ELK server and filter + tag them on Logstash. How would we filter that on Logstash? We are trying to tag every possible threat or alert. For example, if it's an event ID 4618, which is viewed by Windows as High on potential severity, then tag it with "critical". Maybe there is another way other than using event IDs? Because there are so many.
Please advise.
thanks,
Pat
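One way to do the tagging the question describes, written here as an added example rather than configuration from the original post: instead of one `if` branch per event ID, keep a dictionary of event ID to severity and let the Logstash `translate` filter look it up, then turn the result into a tag. It assumes the events arrive with the event ID in a field named `event_id` (the name Winlogbeat used in older releases; newer releases ship it as `[winlog][event_id]`, so adjust the `field` option to match what you actually see in Kibana). The severities assigned to the IDs in the dictionary are constructed sample values for illustration, not a vetted list.

```logstash
filter {
  # Only events that carry a Windows event ID go through the lookup.
  if [event_id] {
    translate {
      # Field holding the numeric event ID (assumed name; check your shipper's field).
      field       => "event_id"
      # Write the looked-up severity to @metadata so it is not indexed as its own field.
      destination => "[@metadata][severity]"
      # Constructed sample mapping: event ID (as a string) => severity tag.
      # 4618 is the example from the question; the rest are illustrative placeholders.
      dictionary  => {
        "4618" => "critical"
        "4719" => "high"
        "4720" => "medium"
        "4624" => "info"
      }
      # Any event ID not in the dictionary gets a default severity instead of no tag.
      fallback    => "unclassified"
    }

    # Tag the event with whatever the lookup produced, e.g. "critical".
    mutate {
      add_tag => [ "%{[@metadata][severity]}" ]
    }
  }
}
```

As the list grows, move the mapping out of the pipeline file with `dictionary_path => "/etc/logstash/winlog_severity.yml"` (a YAML file of the same `"4618": critical` pairs) so the severity list can be maintained separately from the filter logic; `translate` reloads it on a configurable interval. Because `translate` compares the event ID as a string, the dictionary keys must be quoted numbers even though the shipped field is an integer.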