Winlogbeat modules and file ingestion

jane · October 15, 2021, 1:46pm

Hey,

Is it possible to apply Security, Sysmon and Powershell modules in winlogbeat.yml if I'm ingesting a file?
I'm trying something like this, but it doesn't work

winlogbeat.event_logs:
- name: "C:/LOGS/some_target.evtx"
  tags: [forwarded]
  processors:
    - script:
        when.equals.winlog.channel: Security
        lang: javascript
        id: security
        file: ${path.home}/module/security/config/winlogbeat-security.js
    - script:
        when.equals.winlog.channel: Microsoft-Windows-Sysmon/Operational
        lang: javascript
        id: sysmon
        file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js

Any help would be appreciated )

system · November 12, 2021, 3:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat processor for powershell module Beats winlogbeat	3	536	October 20, 2020
Can I ingest specific log files using winlogbeat? Beats winlogbeat	5	506	May 24, 2022
Cant filter out events? Beats winlogbeat	15	875	November 24, 2020
Modify filebeat module Beats winlogbeat	1	218	September 13, 2020
SIEM, Winlogbeat and Windows Auditing Beats winlogbeat	2	485	July 11, 2020

Winlogbeat modules and file ingestion

Related topics