Hi, I've been trying to get registry changes to show up in elastic but despite having everything working locally and all other logs getting sent over, all registry-related events seem to be ignored and I have nothing on elastic.
- I have the windows integration with sysmon turned on.
- I have sysmon installed on my local machine with the default config.
- The registry fields have correctly been added to the index mappings.
- Registry commands are getting picked up by sysmon locally.
So I believe I've set up everything correctly and there must be an issue on the elastic side, or a misunderstanding on my side might very well be possible.
If you've got any idea why this might be happening, feel free to give me pointers on how to fix this.
Thank you!
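An added troubleshooting script (not from the original post, and not Elastic's or Sysinternals' own tooling) that checks the three places where registry events can go missing: the local Sysmon log, the loaded Sysmon configuration, and the data stream on the Elastic side. It assumes placeholder Elasticsearch URL/credentials and that the Windows integration writes Sysmon events to `logs-windows.sysmon_operational-*` with the Sysmon event ID in `event.code`; adjust those if your deployment differs.

```powershell
# Added diagnostic, not part of the original post.
# Assumptions (placeholders): $EsUrl, ELASTIC_USER and ELASTIC_PASSWORD,
# and the default data stream name logs-windows.sysmon_operational-*.

# 1. Are registry events (Sysmon event IDs 12/13/14) in the local Sysmon log at all?
$since = (Get-Date).AddHours(-1)
$localEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 12, 13, 14
    StartTime = $since
} -ErrorAction SilentlyContinue
"Local Sysmon registry events in the last hour: $(@($localEvents).Count)"

# 2. Does the active Sysmon configuration contain RegistryEvent rules?
#    Registry events are only generated when the loaded config has such rules;
#    'sysmon -c' with no further argument dumps the current configuration.
$sysmon = Get-Command sysmon64.exe, sysmon.exe -ErrorAction SilentlyContinue | Select-Object -First 1
if ($sysmon) {
    $cfg = & $sysmon.Source -c 2>&1 | Out-String
    if ($cfg -match 'RegistryEvent') { "Active Sysmon config contains RegistryEvent rules" }
    else { "Active Sysmon config has NO RegistryEvent rules" }
} else { "sysmon.exe / sysmon64.exe not found on PATH" }

# 3. Did any registry events reach Elasticsearch? Count them per event.code.
$EsUrl = 'https://ELASTICSEARCH_HOST:9200'   # placeholder
$secret = ConvertTo-SecureString 'ELASTIC_PASSWORD' -AsPlainText -Force   # placeholder
$cred   = New-Object System.Management.Automation.PSCredential('ELASTIC_USER', $secret)
$body = @{
    size  = 0
    query = @{ bool = @{ filter = @(
        @{ term  = @{ 'event.provider' = 'Microsoft-Windows-Sysmon' } },
        @{ terms = @{ 'event.code' = @('12', '13', '14') } },
        @{ range = @{ '@timestamp' = @{ gte = 'now-1h' } } }
    ) } }
    aggs  = @{ by_code = @{ terms = @{ field = 'event.code' } } }
} | ConvertTo-Json -Depth 10
$resp = Invoke-RestMethod -Uri "$EsUrl/logs-windows.sysmon_operational-*/_search" `
    -Method Post -Body $body -ContentType 'application/json' -Credential $cred
"Registry events in Elastic in the last hour: $($resp.hits.total.value)"
$resp.aggregations.by_code.buckets | ForEach-Object { "  event.code $($_.key): $($_.doc_count)" }
```

If step 1 shows events but step 3 shows none, the gap is between the agent and the cluster (for example the integration's Sysmon Operational input or an ingest pipeline drop); if step 1 is already zero, the problem is local. On PowerShell 7 with a self-signed cluster certificate, add `-SkipCertificateCheck` to the `Invoke-RestMethod` call for the test only.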