Hello all,
I would like to thank you in advance for taking the time to read about my issue:
In order to install the Windows integrations (Windows Event Logs/Windows) and benefit from the provided visualisations and the rules from Elastic Security, I'm trying to set up the integration by modifying the winlogbeat.yml in the Winlogbeat install directory by adding:
output.elasticsearch:
  hosts: ["<es_url>"]
  username: "elastic"
  password: ""
setup.kibana:
  host: "<kibana_url>"
However, we use Logstash between Winlogbeat (installed on WEF) and Elasticsearch, and I could not figure out which setup to implement to make the logs appear in the stream and from the connector.
Does the setup need to be the same when Logstash is used? Is it going to duplicate the events if I add output.elasticsearch to the Winlogbeat config?
Thank you in advance for your help on this, and sorry if the subject has already been covered on the portal.
Regards,
Remy