First of all, thanks for the help.
We are considering using PEL to protect Windows logs and we don't know very well how to do the decryption process to incorporate the logs into ELK using Logstash and winlogbeat.
Thanks for everything.
PEL https://blogs.technet.microsoft.com/kfalde/2017/05/13/securing-your-powershell-operational-logs/