Unable to see any login or failure event from windows hosts

Blason · October 2, 2021, 4:16am

Hi Folks,

I have setup elastic SIEM 7.15 with fleet and integrations with elastic-agent and windows.
I enrolled windows server in fleet and then I generated few failure events. However those are not being reflected on SIEM App.

Is anything else that I need to do in elastic agent configuration or windows configuration?

sholzhauer · October 4, 2021, 7:18am

Hi Blason,

Couple of questions:

Does you agent show up in the fleet overview?
Do you see any events comin in at all from the host?
What do you mean by "No events reflected in SIEM app"? As in where do you expect them to show?

Regards
Stijn

Blason · October 5, 2021, 5:33pm

Hey,

Thanks for the reply- it automatically started appearing the events after sometime.

system · November 2, 2021, 5:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.