Is there anyway with winlogbeats to get the devices current public IP and add that to the event data?
there is probably a way to get this working in the script processor maybe, but for sure no easy way:
Otherwise there might be a way if you use logstash output in winlogbeat and then enrich it using exec input and execute a Powershell script to identify the public IP:
Or you identify this public IP using an external Powershell script that writes from time to time a text file and from winlogbeat you read the content of this file using the script processor and move the content into a field.
That are the possibilities that come to mind.
great thank you, plenty of methods to explore
Sure. Let me know if there are still issues.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.