How to match Event ID, Knowledge Base DB with winlogbeat

Kennedy_Kan1 · May 1, 2016, 4:26pm

I am new to Winlogbeat and would like to know how to match Event ID, Knowledge Base DB (https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/default.aspx) with winlogbeat

Thanks.

warkolm · May 1, 2016, 9:24pm

warkolm · May 12, 2016, 1:38am

I was thinking about this today when looking at some winlogbeats and realised that you can just use a field formatter in Kibana!

Set it up like this;

And you then get a link off to that ID;

Topic		Replies	Views
Winlogbeat "event_id" filter does not seem to be working Beats winlogbeat	2	888	September 16, 2019
Winlogbeat event_id Beats winlogbeat	3	1177	July 3, 2017
Can't filter with winlogbeat.event_id on kibana Kibana	5	422	August 13, 2019
Filtering Winlogbeat on Event ID Beats winlogbeat	8	10172	July 5, 2017
Filter winlog.event_id in wineventlog Logstash	4	957	December 26, 2019