Windows logs filtered with Active Directory Groups

Sorry if this is obvious, but I'm very new to this.
I would like to filter our Windows security logs based on some groups managed in Active Directory.
I don't know how to start.
Any ideas on how to begin thinking about this?
Thanks.

Welcome to our community! :smiley:

Are the groups included in the log entries?

No. The logs are the standard logs provided by the security events of the domain controllers. Those logs do not include the groups the users belong to.

Then you will need to figure out a way to get that added into your logs; it's not something that Kibana can do, as it doesn't have that context.
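
One way to add the missing group context before the events reach Kibana, as an added example that is not part of the original thread. It assumes events that carry the account name in `winlog.event_data.TargetUserName` and a user-to-groups mapping exported from Active Directory; the sample data is constructed, and `ad_groups` and `ad_lookup` are hypothetical field names.

```python
import copy

# Constructed user -> groups export from Active Directory (names are made up).
AD_GROUPS = {"alice": ["IT-Helpdesk", "Domain Admins"], "bob": ["Finance"]}

# Constructed events; the winlog.event_data.TargetUserName layout is an assumption.
SAMPLE_EVENTS = [
    {"event": {"code": "4624"}, "winlog": {"event_data": {"TargetUserName": "Alice"}}},
    {"event": {"code": "4624"}, "winlog": {"event_data": {"TargetUserName": "bob@corp.example"}}},
    {"event": {"code": "4624"}, "winlog": {"event_data": {"TargetUserName": "DC01$"}}},
    {"event": {"code": "4625"}, "winlog": {"event_data": {"TargetUserName": "CORP\\mallory"}}},
]


def normalize_account(name):
    """Reduce DOMAIN\\user, user@domain and mixed case to a bare lowercase key."""
    name = (name or "").strip()
    if "\\" in name:
        name = name.split("\\", 1)[1]
    if "@" in name:
        name = name.split("@", 1)[0]
    return name.lower()


def enrich(event, groups_by_user):
    """Return a copy of event with hypothetical ad_groups / ad_lookup fields added."""
    out = copy.deepcopy(event)
    raw = out.get("winlog", {}).get("event_data", {}).get("TargetUserName")
    key = normalize_account(raw)
    if not key:
        out["ad_lookup"] = "no_user"
    elif key.endswith("$"):
        out["ad_lookup"] = "machine_account"  # computer accounts are not in the user export
    elif key in groups_by_user:
        out["ad_groups"] = sorted(groups_by_user[key])
        out["ad_lookup"] = "ok"
    else:
        out["ad_lookup"] = "unknown_user"  # keep visible: stale export or unexpected account
    return out


def events_for_group(events, groups_by_user, group):
    """Enrich every event and keep those whose user is a member of group."""
    enriched = (enrich(e, groups_by_user) for e in events)
    return [e for e in enriched if group in e.get("ad_groups", [])]


if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(enrich(e, AD_GROUPS))
```

Group membership is resolved at enrichment time, so the mapping should be refreshed regularly and should already include nested group memberships.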
