IDS based on Windows logs

Hello everyone,
I'm new to ELK. I would like to build an intrusion detection system based on Windows logs. I thought I could use X-Pack machine learning, but when creating a multi-metric job I don't know which fields I have to use to find anomalies. Can someone help me?
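
As an added illustration (not part of the original thread, and not Elastic's own example code), the following Python builds the request bodies for an X-Pack ML anomaly-detection job over Windows process-creation events and checks that the fields the job relies on are actually present in sample documents. The Kibana multi-metric wizard produces exactly this shape: each detector names an analysis function, the field it splits on (`by_field_name`) and an optional partition. The field names (`event.code`, `host.name`, `user.name`, `process.name`), the `winlogbeat-*` index pattern, the job id and the sample events are assumptions made for this example.

```python
"""Illustrative Elastic ML job for Windows process-creation events.

Added example, not from the original thread. Assumptions: events arrive from
Winlogbeat in ECS shape (event.code, host.name, user.name, process.name),
the index pattern is winlogbeat-*, and the job/datafeed ids are made up.
"""
import json

# Constructed sample documents (flattened ECS keys) standing in for what
# Winlogbeat would ship for Security event ID 4688 (process creation).
SAMPLE_EVENTS = [
    {"@timestamp": "2024-01-01T09:00:00Z", "event.code": "4688",
     "host.name": "WS01", "user.name": "alice", "process.name": "outlook.exe"},
    {"@timestamp": "2024-01-01T09:01:00Z", "event.code": "4688",
     "host.name": "WS01", "user.name": "alice", "process.name": "chrome.exe"},
    {"@timestamp": "2024-01-01T09:02:00Z", "event.code": "4688",
     "host.name": "SRV02", "user.name": "svc_backup", "process.name": "mimikatz.exe"},
]


def build_job(job_id: str, bucket_span: str = "15m") -> dict:
    """Body for PUT _ml/anomaly_detectors/<job_id>.

    'rare' flags a process.name seldom seen on a given host; 'high_count'
    flags a user spawning unusually many processes on a host.
    """
    return {
        "description": "Rare process per host from Windows 4688 events",
        "analysis_config": {
            "bucket_span": bucket_span,
            "detectors": [
                {
                    "detector_description": "rare process.name by host.name",
                    "function": "rare",
                    "by_field_name": "process.name",
                    "partition_field_name": "host.name",
                },
                {
                    "detector_description": "high process count per user",
                    "function": "high_count",
                    "by_field_name": "user.name",
                    "partition_field_name": "host.name",
                },
            ],
            # Influencers are the entities the anomaly explorer attributes to.
            "influencers": ["host.name", "user.name", "process.name"],
        },
        "data_description": {"time_field": "@timestamp"},
    }


def build_datafeed(job_id: str, index_pattern: str = "winlogbeat-*") -> dict:
    """Body for PUT _ml/datafeeds/datafeed-<job_id>; feeds only 4688 events."""
    return {
        "job_id": job_id,
        "indices": [index_pattern],
        "query": {"bool": {"filter": [{"term": {"event.code": "4688"}}]}},
    }


def required_fields(job: dict) -> set:
    """Every document field the job's detectors and influencers reference."""
    fields = {job["data_description"]["time_field"]}
    fields.update(job["analysis_config"].get("influencers", []))
    for det in job["analysis_config"]["detectors"]:
        for key in ("field_name", "by_field_name",
                    "over_field_name", "partition_field_name"):
            if key in det:
                fields.add(det[key])
    return fields


def missing_fields(job: dict, events: list) -> dict:
    """Map event index -> fields the job needs but that document lacks.

    Run this over a sample of real documents before creating the job: a
    detector keyed on a field the documents do not carry sees no data.
    """
    needed = required_fields(job)
    report = {}
    for i, ev in enumerate(events):
        gap = needed - set(ev)
        if gap:
            report[i] = sorted(gap)
    return report


if __name__ == "__main__":
    job_id = "windows_rare_process_by_host"  # assumed id
    job = build_job(job_id)
    print("PUT _ml/anomaly_detectors/" + job_id)
    print(json.dumps(job, indent=2))
    print("PUT _ml/datafeeds/datafeed-" + job_id)
    print(json.dumps(build_datafeed(job_id), indent=2))
    print("missing fields in sample:", missing_fields(job, SAMPLE_EVENTS))
```

The point of the field check is practical: the wizard will happily let you pick a field that only some events carry, and the job then scores nothing useful for those buckets. Picking fields that identify an entity (host, user, process) plus a function that matches the question (rare for "never seen here before", high_count for "too much of it") is what turns a generic multi-metric job into a detection.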
