I've to parse some windows security events which are currently not supported by Winlogbeat and looking to modify the existing parsing capability of Winlogbeat.
Looking at the file, it seems that "/module/security/config/winlogbeat-security.js" is the file where we've to do the changes. Is that right?
Any heads-up for this will be highly appreciated.
I don't want to write filters in Logstash.
Thanks in Advance.