Read encrypted windows event logs

Hello community,

for security reasons I have some eventlogs encrypted with an certificate.
Windows native its possible to decrypt them in order to get access again.

Is it also possible with winlogbeat or filebeat?

Best regards

There is no native feature in the Beats yo do that.

Hi @legoguy1000

thanks for the info. This would be a nice feature request pointing to endpoint security / environment security

Best Regards.

The problem with that is there are so many ways this would be approached, I don't think it would be sustainable. Are you talking about encrypted files, windows event logs, encrypted text within log files, encrypted syslog.....?

in my case - just the encrypted windows event logs

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.