I am new to Winlogbeat and would like to know how to match Event ID, Knowledge Base DB (https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx) with winlogbeat
Thanks.
You'd need to build a table and then use the translate filter in LS - https://www.elastic.co/guide/en/logstash/current/plugins-filters-translate.html
I was thinking about this today when looking at some winlogbeats and realised that you can just use a field formatter in Kibana!
Set it up like this;
And you then get a link off to that ID;
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.