Hi, I have been trying to get my sysmon events to show up in kibana.
Does anyone know if there is a debugging checklist that I could follow?
I uninstalled and sysmon and winlogbeat. I went into the sysmon.yml and I selected practically all event IDs.
I see a lot of kratos and filebeat events in kibana, but no sysmon events.
I tried to check the winlogbeat-20230421.ndjson, but it's only 5k?
Not sure what to check.
Which logs should I be looking at?
Thanks again for your advice or suggestions.