Filter and tag windows event logs on logstash


We are trying to send out all event logs from Windows servers to the ELK server and filter + tag on Logstash. How would we filter that on Logstash? We are trying to tag every possible threat or alert. For example, if it's event ID 4618, which is viewed by Windows as High on potential severity, then tag it with "critical". Maybe there is another way other than using event IDs? Because there are so many.

Please advise.
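One way to express the tagging described above as a Logstash filter block (an added example, not code from the original post). It assumes Winlogbeat 7+/ECS field names (`[winlog][event_id]`, `[winlog][channel]`), the `logstash-filter-translate` plugin for the lookup-table variant, and a hypothetical dictionary file path; the short ID list is illustrative and should be replaced with your own severity baseline.

```logstash
filter {
  # Only the Security channel carries the audit IDs this example classifies.
  if [winlog][channel] == "Security" {

    # Variant 1: an inline list. Constructed, illustrative set of Security
    # event IDs that Microsoft's audit recommendations rate "High" potential
    # criticality (1102 = audit log cleared, 4618 = monitored event pattern,
    # 4719 = audit policy changed, 4765/4766 = SID history added/failed,
    # 4794 = DSRM password set, 4964 = special groups assigned at logon).
    # Fine for a handful of IDs; unwieldy once the list grows.
    if [winlog][event_id] in [1102, 4618, 4719, 4765, 4766, 4794, 4964] {
      mutate { add_tag => ["critical"] }
    }

    # Variant 2: a lookup table kept outside the pipeline, so the mapping
    # can be reviewed and extended without touching the config. The YAML
    # file maps quoted ID strings to a label, e.g.
    #   "4618": high
    #   "4624": info
    translate {
      source          => "[winlog][event_id]"
      target          => "[event][severity_label]"           # hypothetical field
      dictionary_path => "/etc/logstash/winevent_severity.yml"  # hypothetical path
      fallback        => "unclassified"   # IDs missing from the table still get a value
      refresh_interval => 300             # re-read the table every 5 minutes
    }

    # Tag from the label rather than from the raw ID, so the tagging rule
    # stays stable while the table changes.
    if [event][severity_label] == "high" {
      mutate { add_tag => ["critical"] }
    }
  }
}
```

Events that match neither rule are left untouched, so a missing table entry shows up as `severity_label: unclassified` in Kibana rather than being silently dropped or mis-tagged.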

