IDS based on windows logs

Hello everyone,
I m new in ELK. I would realize an intrusion detection system based on windows logs. I thought I could use machine learning x-pack, but creating multi metric job I don t know which fields I have to use to find anomalies. Someone have already done an IDS based on windows logs? Or someone can help me?

I'm not aware of any specific examples of running ML on Winlogbeat data. I suggest building up some Winlogbeat data in ES and then trying out some different ML job configuration. As you are building up the ML jobs and have questions I would post them in https://discuss.elastic.co/c/x-pack where there should be ML devs. I'd love to hear how this works out.

Here are some ML examples: https://github.com/elastic/examples/tree/master/Machine%20Learning

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.