Import Windows Event Dashboard

Hello there,

Is there a good Windows Event Dashboard/Visualizations that I can import from somewhere? I don't really care what it monitors, I'd just like to be able to find something that I can interact with without having to build something from scratch at the moment.

I have Windows events imported and separated into fields/values. Any suggestions would be great.

Have you taken a look at WinLogBeat? There are sample dashboards it will import: https://www.elastic.co/downloads/beats/winlogbeat

Specifically Step 5 of https://www.elastic.co/guide/en/beats/winlogbeat/current/winlogbeat-getting-started.html

At this time, we are not using Beats to send logs because it wasn't around during the first implementation of ELK.

Is there another method you can suggest?

Any dashboard you get will have to be aware of the data and the format it is in. So unless you're using something like Beats to ingest the data, and they have a sample dashboard to use, I am afraid you're not going to have much luck.

At the end of the day, creating visualizations is quite easy and it's just a matter of adding them to a dashboard.

Alright. Thanks for that intel. I'm not really the creative type, so I was hoping to find something flashy that someone did with JSON scripts. I figured that would be pretty universal since Windows events have the same fields in Server 2008+. Looks like I'll have to keep on researching things that others find useful and try to implement that.

Thanks :smiley:

While the Windows events are similar, you can break up that data and index it in many ways or have additional post-processing. For Beats, we have developed what we call the Elastic Common Schema, with which we hope to create a standardized naming convention for this type of data across the industry. You can read more about that here: https://www.elastic.co/blog/introducing-the-elastic-common-schema.

Maybe give WinLogBeat a try?
