Sysmon events not getting into the SOC and kibana

iqworks · April 21, 2023, 9:16pm

Hi, I have been trying to get my sysmon events to show up in kibana.
Does anyone know if there is a debugging check list that I could follow?
I uninstalled and sysmon and winlogbeat. I went into the sysmon.yml and I selected practically all event ID's.
I see a lot of kratos and filebeat events in kibana, but no sysmon events.
I tried to check the winlogbeat-20230421.ndjson, but its only 5k?
Not sure what to check.
Which logs should I be looking at?

thanks again for your advice or suggestions

system · May 19, 2023, 9:16pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No event collected from Sysmon (winlogbeat) Beats winlogbeat	1	311	December 24, 2020
No event collected from Sysmon Elasticsearch elastic-stack-security	1	278	August 5, 2021
Winlogbeat - Sysmon Module and Even.Code: 1 Missing Beats beats-module , winlogbeat	1	445	October 28, 2021
Kibana showing windows_eventlog but not sysmon Kibana	3	135	June 8, 2023
Parsing Sysmon Logs to filter on Event.Code Beats winlogbeat	2	868	November 2, 2020

Sysmon events not getting into the SOC and kibana

Related topics