Hello,
I have some windows log files and I have uploaded them to my cluster using winlogbeat [Not sure how to read from .evtx files | Winlogbeat Reference [master] | Elastic]
I would like to know if it's possible to run detection rules for that logs to help me in my investigation as there is log ot logs ?
Thanks for your help
The only thing I could think of that might work in Elastic is to adjust the lookback time on when a rule is run or build visualizations that match the detection query and run your logs against the visualization in Kibana.
There are a few alternatives that can run SIGMA rules against event log files. You could convert your detection rules to SIGMA and then run your logs against those rules.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.