IDS based on windows logs


(cesare) #1

Hello everyone,
I'm new to ELK. I would like to build an intrusion detection system based on Windows logs. I thought I could use X-Pack machine learning, but when creating a multi-metric job I don't know which fields I have to use to find anomalies. Has someone already done an IDS based on Windows logs? Or can someone help me?


(Andrew Kroh) #2

I'm not aware of any specific examples of running ML on Winlogbeat data. I suggest building up some Winlogbeat data in ES and then trying out some different ML job configurations. As you are building up the ML jobs and have questions, I would post them in https://discuss.elastic.co/c/x-pack where there should be ML devs. I'd love to hear how this works out.

Here are some ML examples: https://github.com/elastic/examples/tree/master/Machine%20Learning

