Kibana showing windows_eventlog but not a sysmon module #10323
-
|
Hi, I finally got windows data into security onion. But I dont see sysmon categories? But I do show windows_events? are windows_events the same as sysmon maybe? not sure. thanks for any suggestions or advice |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
On your Windows host, did you install sysmon and configure winlogbeat to pick up the sysmon log? |
Beta Was this translation helpful? Give feedback.
-
|
HI Doug thanks for the links! I will review them. I am back on my other project right now, but will be back in a couple weeks. |
Beta Was this translation helpful? Give feedback.
-
|
Hi Doug, I finally see SYSMON in kibana !!!! Those two links above where very helpful. I had to make my VM standalone and I think I needed to enter the host in setup.kibana. |
Beta Was this translation helpful? Give feedback.
HI Doug thanks for the links! I will review them. I am back on my other project right now, but will be back in a couple weeks.