Logstash on Windows sends data directly to the Security Onion SOC, not Elasticsearch on Windows? #10244
Replies: 1 comment
- https://docs.securityonion.net/en/latest/beats.html#winlogbeat Use Winlogbeat on Windows endpoints to ship logs to SO. There is also a link to a YouTube video demonstration on that page.
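To make the Winlogbeat approach in the reply above concrete, here is a minimal winlogbeat.yml that ships the Sysmon channel from a Windows endpoint to Security Onion; it is an added illustration, not configuration from the Security Onion docs or project, and the manager hostname, port 5044 and the CA certificate path are assumptions that the linked docs page will replace with the values for your deployment.

```yaml
# Added example (not from the Security Onion docs): forward Sysmon events
# from a Windows endpoint to the Security Onion manager with Winlogbeat.
winlogbeat.event_logs:
  # Sysmon writes to this channel; Winlogbeat reads it directly, so no
  # Elasticsearch, Logstash or Kibana install is needed on the endpoint.
  - name: Microsoft-Windows-Sysmon/Operational
    ignore_older: 72h
  - name: Security
    ignore_older: 72h

# Ship to the Security Onion manager. Host and port are placeholders
# (assumption); the docs page linked above gives the values for your setup.
output.logstash:
  hosts: ["so-manager.example.local:5044"]
  ssl:
    enabled: true
    # Assumption: CA certificate exported from the manager and copied here.
    certificate_authorities: ["C:\\ProgramData\\winlogbeat\\ca.crt"]

# Leave output.elasticsearch unset: a Beat accepts only one enabled output,
# and the endpoint should not write straight into the SO Elasticsearch.
```

Before installing the service, `winlogbeat.exe test config -c winlogbeat.yml` validates the file and `winlogbeat.exe test output -c winlogbeat.yml` confirms the endpoint can reach the manager over TLS.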
- Hi, I am still learning about the Sysmon data going to Security Onion.
  It seems that using Elasticsearch on Windows handles only Windows data and does not send the data to Security Onion Kibana.
  You can download Kibana on Windows, but it is like a standalone that only shows data collected from Elasticsearch Windows data.
  In Security Onion, it is a service that collects only Security Onion data, and that THIS is seen in the SOC.
  Logstash on Windows collects Sysmon data and sends that data directly to Kibana on the Security Onion SOC?
  Thanks much for any suggestions or advice.