Unable to see any login or failure event from windows hosts

Blason · October 2, 2021, 4:16am

Hi Folks,

I have setup elastic SIEM 7.15 with fleet and integrations with elastic-agent and windows.
I enrolled windows server in fleet and then I generated few failure events. However those are not being reflected on SIEM App.

Is anything else that I need to do in elastic agent configuration or windows configuration?

sholzhauer · October 4, 2021, 7:18am

Hi Blason,

Couple of questions:

Does you agent show up in the fleet overview?
Do you see any events comin in at all from the host?
What do you mean by "No events reflected in SIEM app"? As in where do you expect them to show?

Regards
Stijn

Blason · October 5, 2021, 5:33pm

Hey,

Thanks for the reply- it automatically started appearing the events after sometime.

system · November 2, 2021, 5:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How do I troubleshoot elastic agent not sending any logs to siem app SIEM	6	1081	November 9, 2021
I am not seeing any logs from elastic-agent from windows hosts Elastic Security fleet	4	507	November 4, 2021
Elastic Agent - Ship Windows logs for SIEM SIEM	1	156	May 2, 2024
Missing "Host" and Event Log Data under Security tab Elastic Security	1	328	May 23, 2021
No Host events Endpoint Security Endpoint Security	2	456	November 7, 2022

Unable to see any login or failure event from windows hosts

Related Topics