Is there anyway with winlogbeats to get the devices current public IP and add that to the event data?
Hi Philip,
there is probably a way to get this working in the script processor maybe, but for sure no easy way:
Otherwise there might be a way if you use logstash output in winlogbeat and then enrich it using exec input and execute a Powershell script to identify the public IP:
Or you identify this public IP using an external Powershell script that writes from time to time a text file and from winlogbeat you read the content of this file using the script processor and move the content into a field.
That are the possibilities that come to mind.
great thank you, plenty of methods to explore
Sure. Let me know if there are still issues.