IDS based on windows logs

(cesare) #1

Hello everyone,
I'm new to ELK. I would like to build an intrusion detection system based on Windows logs. I thought I could use X-Pack machine learning, but when creating a multi-metric job I don't know which fields I have to use to find anomalies. Has someone already done an IDS based on Windows logs? Or can someone help me?

(Andrew Kroh) #2

I'm not aware of any specific examples of running ML on Winlogbeat data. I suggest building up some Winlogbeat data in ES and then trying out some different ML job configurations. As you are building up the ML jobs and have questions, I would post them in where there should be ML devs. I'd love to hear how this works out.

Here are some ML examples:

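The following is an added example, not code from either poster or from Elastic: it answers the "which fields" question concretely by defining two X-Pack ML anomaly-detection jobs over Winlogbeat documents (a `high_count` of failed logons per source IP partitioned by host, and a `rare` process name per host), checking that every field the jobs reference actually exists in a sample of the data, and replicating what the count detector aggregates on that sample so the series can be eyeballed before the job is started. Field names (`winlog.event_id`, `winlog.event_data.IpAddress`, `winlog.event_data.TargetUserName`, `process.name`, `host.name`) follow Winlogbeat 7.x ECS output and are assumptions that must be matched to the Winlogbeat version feeding the cluster; the job and datafeed bodies follow the documented `_ml/anomaly_detectors` and `_ml/datafeeds` request shapes and are meant to be PUT with curl or the Python client. The sample events are constructed, not real logs.

```python
"""Added example: X-Pack ML job definitions for Winlogbeat data, with an
offline field check and a local replica of the count detector's buckets.
Field names assume Winlogbeat 7.x ECS output; adjust to your version."""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample documents (not real logs), shaped like Winlogbeat 7.x output.
SAMPLE_EVENTS = [
    {"@timestamp": "2019-05-01T10:00:05Z", "host": {"name": "dc01"}, "winlog": {
        "event_id": 4625, "event_data": {"IpAddress": "10.0.0.7", "TargetUserName": "bob"}}},
    {"@timestamp": "2019-05-01T10:00:09Z", "host": {"name": "dc01"}, "winlog": {
        "event_id": 4625, "event_data": {"IpAddress": "10.0.0.7", "TargetUserName": "alice"}}},
    {"@timestamp": "2019-05-01T10:00:14Z", "host": {"name": "dc01"}, "winlog": {
        "event_id": 4625, "event_data": {"IpAddress": "10.0.0.7", "TargetUserName": "admin"}}},
    {"@timestamp": "2019-05-01T10:03:40Z", "host": {"name": "dc01"}, "winlog": {
        "event_id": 4625, "event_data": {"IpAddress": "10.0.0.9", "TargetUserName": "bob"}}},
    {"@timestamp": "2019-05-01T10:20:00Z", "host": {"name": "dc01"}, "winlog": {
        "event_id": 4625, "event_data": {"IpAddress": "10.0.0.7", "TargetUserName": "bob"}}},
    {"@timestamp": "2019-05-01T10:01:00Z", "host": {"name": "ws22"},
     "process": {"name": "powershell.exe"},
     "winlog": {"event_id": 4688, "event_data": {"SubjectUserName": "bob"}}},
]


def make_job(job_id, description, detector, influencers, event_id,
             bucket_span="15m", indices=("winlogbeat-*",)):
    """Return (job_id, job_body, datafeed_body) for a single-detector job.
    The datafeed query restricts the job to one event ID so that the count /
    rare statistics are not diluted by unrelated events in winlogbeat-*."""
    job = {
        "description": description,
        "analysis_config": {"bucket_span": bucket_span,
                            "detectors": [detector],
                            "influencers": list(influencers)},
        "data_description": {"time_field": "@timestamp"},
    }
    datafeed = {"job_id": job_id, "indices": list(indices),
                "query": {"bool": {"filter": [{"term": {"winlog.event_id": event_id}}]}}}
    return job_id, job, datafeed


def failed_logon_job():
    """Spike in failed logons (4625) from one source IP, per host."""
    return make_job("winlogbeat-failed-logons",
                    "Failed logons per source IP, partitioned by host",
                    {"function": "high_count",
                     "by_field_name": "winlog.event_data.IpAddress",
                     "partition_field_name": "host.name"},
                    ["winlog.event_data.IpAddress",
                     "winlog.event_data.TargetUserName", "host.name"], 4625)


def rare_process_job():
    """Process names (4688) rarely seen on a given host."""
    return make_job("winlogbeat-rare-process", "Rare process names per host",
                    {"function": "rare", "by_field_name": "process.name",
                     "partition_field_name": "host.name"},
                    ["process.name", "host.name"], 4688)


def get_path(doc, dotted):
    """Resolve a dotted field name against a nested document; None if absent."""
    for part in dotted.split("."):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc


def referenced_fields(job):
    """Every field the job reads: detector fields, influencers, time field."""
    fields = set(job["analysis_config"].get("influencers", []))
    fields.add(job["data_description"]["time_field"])
    for det in job["analysis_config"]["detectors"]:
        for key in ("field_name", "by_field_name", "over_field_name", "partition_field_name"):
            if key in det:
                fields.add(det[key])
    return fields


def check_fields(job, events):
    """Map each referenced field to whether any sample event carries it.
    A field the data never has makes the detector silently see nothing,
    which is the usual reason a first Winlogbeat ML job shows no results."""
    return {f: any(get_path(e, f) is not None for e in events)
            for f in referenced_fields(job)}


def local_bucket_counts(events, event_id, by_field, partition_field, bucket_seconds=900):
    """Replicate what a count detector aggregates: events per (partition, by, bucket)."""
    counts = Counter()
    for e in events:
        if get_path(e, "winlog.event_id") != event_id:
            continue
        epoch = int(datetime.fromisoformat(e["@timestamp"].replace("Z", "+00:00")).timestamp())
        start = datetime.fromtimestamp(epoch - epoch % bucket_seconds, tz=timezone.utc)
        counts[(get_path(e, partition_field), get_path(e, by_field),
                start.strftime("%Y-%m-%dT%H:%M:%SZ"))] += 1
    return counts


if __name__ == "__main__":
    for job_id, job, datafeed in (failed_logon_job(), rare_process_job()):
        print(job_id, check_fields(job, SAMPLE_EVENTS))
    for key, n in sorted(local_bucket_counts(
            SAMPLE_EVENTS, 4625, "winlog.event_data.IpAddress", "host.name").items()):
        print(key, n)
```

The split into one job per event ID is deliberate: a single multi-metric job fed with every Windows event mixes logon, process and service noise into one count, which is what makes field choice confusing. Picking the event ID first, then the field to count by (source IP, user, process name) and the field to partition on (host), is the part a multi-metric job wizard cannot do for you.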
(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.