Server send security events with WEF and in Authentication tab I don't found all accesses

Hi all

I'm using Elastic Stack v7.4.0 and I have a single winlogbeat on the Windows Server that receive with WEF all event of security of differents other server.

So I just correct by logstash, that I used to filter all traffic to Elasticsearch, the content of field with the value of winlog.computer_name.

Now I see in the host tab all servers but in authentication I don't see the accesses. I collect the information of different DC. What could I do? At the moment I see the user access in the field winlog.event_data.TargetUserName. Could I move the content of field winlog.event_data.TargetUserName in

Thank you

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.