No event collected from Sysmon (winlogbeat)

TheHunter1 · November 26, 2020, 1:51pm

Hello,

I have installed sysmon in a Windows machine using the command:

sysmon.exe -i -accepteula -h md5,sha256,imphash -l -n

And then restart winlogbeat. In winlogbeat log everything is working well, and i have logs like that:

020-11-26T14:45:30.485+0100	INFO	beater/eventlogger.go:88	EventLog[Microsoft-Windows-Sysmon/Operational] successfully published 1 events

but when I go to kibana I am not seeing any sysmon logs ash shown in this picture

Can you tell me what's the problem please ?

Thanks for your help

system · December 24, 2020, 3:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No event collected from Sysmon Elasticsearch elastic-stack-security	1	278	August 5, 2021
Sysmon events not getting into the SOC and kibana Kibana	1	176	May 19, 2023
Winlogbeat - Sysmon Module and Even.Code: 1 Missing Beats beats-module , winlogbeat	1	445	October 28, 2021
Processes are not logged in winlogbeat Beats winlogbeat	2	459	August 8, 2020
Winlogbeat not writing all events to Elasticsearch Elasticsearch	3	342	August 31, 2020