Logstash on windows sends data directly to the security onion SOC, not elasticsearch on windows?

iqworks · April 27, 2023, 6:09pm

Hi, I am still learning about the sysmon data going to security onion.

It seems that using elasticsearch on windows handles only windows data and does not send the data to security onion kibana.

You can download kibana on windows, but it is like a standalone that only shows data collected from elasticsearch windows data.

In security onion, it is a service that collects only security onion data, and that THIS is seen in the SOC.

Logstash on windows collects sysmon data and sends that data directly to kibana on the security onion soc?

thanks much for any suggestions or advice

system · May 25, 2023, 6:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana showing windows_eventlog but not sysmon Kibana	3	134	June 8, 2023
Elasticsearch Security - Asking for Data Elastic Security	2	318	May 23, 2021
I am using the Sysmon-> logstash -> elasticsearch (ELK) architecture issues Elasticsearch	1	221	May 13, 2023
Is my Data being received by Elasticsearch? Elasticsearch	18	25604	June 2, 2017
Sysmon for Linux on Standalone Elastic-Agent to Logstash without Kibana Elastic Agent elastic-stack-monitoring , elastic-stack-security , elastic-stack-alerting , integrations	0	105	June 3, 2024