Hi, I am still learning about Sysmon data going to Security Onion.
It seems that using Elasticsearch on Windows handles only Windows data and does not send the data to Security Onion's Kibana.
You can download Kibana on Windows, but it is like a standalone that only shows data collected by Elasticsearch on Windows.
In Security Onion, it is a service that collects only Security Onion data, and THIS is what is seen in the SOC.
Does Logstash on Windows collect Sysmon data and send that data directly to Kibana on the Security Onion SOC?
Thanks much for any suggestions or advice.