What log Windows security rules require into a winlogbeat

dominic.savaria · February 19, 2024, 8:06pm

I want to enable most of the Windows security rules in Kibana, but I am missing a lot of fields from my winlogbeat. We are fowarding our logs into a windows event collector but I don't know what log are missing for the security rules.

Exemple:

Microsoft-Windows-PowerShell/Operational
Microsoft-Windows-PowerShell/Admin

I don't want to install the agent on every server, we already have too many agent running.

system · March 18, 2024, 8:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reporting Windows Security Events in Kibana Beats winlogbeat	4	5384	April 12, 2016
Windows Security Logs Winlogbeat Beats winlogbeat	3	541	March 24, 2022
Analysis logs for security events Beats winlogbeat	10	13593	June 2, 2016
Issues with additional event logs enabled Beats winlogbeat	1	429	August 21, 2020
Winlogbeat - not getting all the logs Beats winlogbeat	1	649	May 10, 2022

What log Windows security rules require into a winlogbeat

Related Topics