I have a few ELK stacks up and running but I'm getting a lot of false 'Admin User Sessions' which are the computer accounts eg computer$. I'm using Windows Event forwarding to send all security related events over to my winlogbeat system then ship them over to ELK.
I tried to drop some of the events but how do I drop these computer objects from showing up as normal users?
Thank you