Winlogbeat modules and file ingestion


Is it possible to apply Security, Sysmon and Powershell modules in winlogbeat.yml if I'm ingesting a file?
I'm trying something like this, but it doesn't work :confused:

- name: "C:/LOGS/some_target.evtx"
  tags: [forwarded]
    - script: Security
        lang: javascript
        id: security
        file: ${path.home}/module/security/config/winlogbeat-security.js
    - script: Microsoft-Windows-Sysmon/Operational
        lang: javascript
        id: sysmon
        file: ${path.home}/module/sysmon/config/winlogbeat-sysmon.js

Any help would be appreciated )

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.