Logstash on Windows sends data directly to the Security Onion SOC, not Elasticsearch on Windows?

Hi, I am still learning about the Sysmon data going to Security Onion.

It seems that using Elasticsearch on Windows handles only Windows data and does not send the data to Security Onion Kibana.

You can download Kibana on Windows, but it is like a standalone that only shows data collected from Elasticsearch Windows data.

In Security Onion, it is a service that collects only Security Onion data, and THIS is seen in the SOC.

Logstash on Windows collects Sysmon data and sends that data directly to Kibana on the Security Onion SOC?

Thanks much for any suggestions or advice.
