No event collected from Sysmon

bilel_meddeb · July 8, 2021, 7:47am

HELLO,
I have installed sysmon in a Windows machine using the command:

==> sysmon.exe -i -accepteula -h md5,sha256,imphash -l -n

And then restart winlogbeat. In winlogbeat log everything is working well, and i have logs like that:

020-11-26T14:45:30.485+0100	INFO	beater/eventlogger.go:88	EventLog[Microsoft-Windows-Sysmon/Operational] successfully published 1 events

but when I go to kibana I am not seeing any sysmon logs

Can you tell me what's the problem please ?

Thanks for your help

system · August 5, 2021, 7:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sysmon events not getting into the SOC and kibana Kibana	1	176	May 19, 2023
Kibana showing windows_eventlog but not sysmon Kibana	3	134	June 8, 2023
Winlogbeat - Sysmon Module and Even.Code: 1 Missing Beats beats-module , winlogbeat	1	445	October 28, 2021
How to activate sysmon event ID 3 Kibana	2	651	November 26, 2023
Updating winlogbeat.yml and adding more event logs Beats winlogbeat	4	1560	October 10, 2018