Winlogbeat modules and file ingestion

Hey,

Is it possible to apply Security, Sysmon and PowerShell modules in winlogbeat.yml if I'm ingesting a file?
I'm trying something like this, but it doesn't work :confused:

winlogbeat.event_logs:
- name: "C:/LOGS/some_target.evtx"
  tags: [forwarded]
  processors:
    - script:
        when.equals.winlog.channel: Security
        lang: javascript
        id: security
        file: ${path.home}/module/security/config/winlogbeat-security.js
    - script:
        when.equals.winlog.channel: Microsoft-Windows-Sysmon/Operational
        lang: javascript
        id: sysmon
        file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js

Any help would be appreciated )
