I am forwarding logs from my collector environment to Kibana using winlogbeat.
I am interested in finding who did what.
When I check a log I look for the user that did that, and I can't find it - maybe I have bad filtering?
I found this: Logon ID: 0xA42006C
which seems to be hexadecimal, but I can't decipher it into proper text.
I guess I'd be looking at User Name, but I can't find anything.
How can I forward logs from winevt/logs? I was thinking of entering the logs path into the yml, or putting the saved logs there so that whenever someone opens the saved logs from that folder, it will automatically load them into winlogbeat.