-
|
Hi guys I was perusing the Github projects and found the Priority Backlog project of which there was an issue #1354 in the done column for a new Kibana dashboard for Windows eventlogs. Just curious if there's anything that's able to be shared there or any timeline on when that may be released? I've been trying to come up with one myself but so far lacking. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 1 reply
-
|
We have not assigned priority to this, therefore we can't share any particular timeframe for which it might be completed. PRs are welcome! |
Beta Was this translation helpful? Give feedback.
-
|
First, please note that you can already use the existing Kibana Host dashboard for Windows event logs: Also note that you'll likely want to deploy Sysmon to your Windows endpoints and there is already a dedicated dashboard for that. Finally, note that our Hunt interface gives you lots of capabilities for slicing and dicing your Windows event logs: |
Beta Was this translation helpful? Give feedback.
-
|
Thanks guys, I do have the windows_eventlog showing up already I was just hoping maybe there was a dashboard that was already configured for stuff like failed logins etc. Certainly don't expect a timeframe or anything just when I saw the closed issue I thought something may have already been completed. |
Beta Was this translation helpful? Give feedback.
-
|
Here's a quick Hunt query for failed logins: For example: |
Beta Was this translation helpful? Give feedback.
First, please note that you can already use the existing Kibana Host dashboard for Windows event logs:
Also note that you'll likely want to deploy Sysmon to your Windows endpoints and there is already a dedicated dashboard for that.
Finally, note that our Hunt interface gives you lots of capabilities for slicing and dicing your Windows event logs:
https://docs.securityonion.net/en/2.3/hunt.html