Colby99
(Colby)
December 2, 2020, 1:05pm
Hello, I have various errors in the "Security" section. Starting with:
The tab Overview:
In the tab Hosts I got these 3 errors
I'm using winlogbeat 7.10 and stack ELK 7.10
Thank you for the help!
Your winlogbeat mappings aren't installed properly probably. See this thread for troubleshooting steps:
Hi @aura, as you've discovered, it seems that some of your fields are not being mapped to the correct Elasticsearch datatypes. Elastic Common Schema (ECS) specifies that fields such as host.name must be of the keyword datatype. Indeed, as you've also discovered, Elastic SIEM relies specifically on host.name to be present as a condition for populating many visualizations with host data.
I'm not sure how familiar you are with Elasticsearch mapping and index templates , as they can be challenging…
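An added example, not part of the thread: one way to check which indices have host.name mapped as something other than keyword, by inspecting the JSON returned by Elasticsearch's get field mapping API (`GET winlogbeat-*/_mapping/field/host.name`). The index names and the sample response are constructed for illustration, and `check_field_type` is a hypothetical helper.

```python
import json

# Constructed sample of a GET winlogbeat-*/_mapping/field/host.name response.
# First index: template applied. Second: dynamically mapped. Third: field absent.
SAMPLE_RESPONSE = json.loads("""
{
  "winlogbeat-7.10.0-2020.12.01-000001": {
    "mappings": {
      "host.name": {
        "full_name": "host.name",
        "mapping": {"name": {"type": "keyword", "ignore_above": 1024}}
      }
    }
  },
  "winlogbeat-7.10.0-2020.12.02": {
    "mappings": {
      "host.name": {
        "full_name": "host.name",
        "mapping": {"name": {"type": "text",
          "fields": {"keyword": {"type": "keyword", "ignore_above": 256}}}}
      }
    }
  },
  "winlogbeat-custom": {"mappings": {}}
}
""")


def check_field_type(response, field="host.name", expected="keyword"):
    """Return {index: problem} for every index where `field` is not `expected`."""
    problems = {}
    leaf = field.split(".")[-1]  # the API keys the mapping by the leaf name
    for index, body in sorted(response.items()):
        entry = body.get("mappings", {}).get(field)
        if entry is None:
            problems[index] = "field not mapped"
            continue
        # Object fields carry no explicit "type"; report them as "object".
        actual = entry.get("mapping", {}).get(leaf, {}).get("type", "object")
        if actual != expected:
            problems[index] = f"mapped as {actual}, expected {expected}"
    return problems


if __name__ == "__main__":
    for index, problem in check_field_type(SAMPLE_RESPONSE).items():
        print(f"{index}: host.name {problem}")
```

A `text` mapping with a `keyword` sub-field, as in the second sample index, is what dynamic mapping produces when no index template matched at index creation time.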