I am new to using Graylog and a SIEM in general.
I am looking at Sysmon (Windows event logs) at the moment and was wondering if the following still applies:
Sysmon Script not pulling in logs - Graylog - Graylog Community
I am using the latest open Graylog version and I think the field names have changed in the meantime.
Thanks in advance.
Hello && Welcome
It might not work since that is a different version. I personally haven’t tried that.
Are you wanting to get Windows Event logs? If this is correct, there are other ways to achieve this.
I believe this works.
Thanks for the reply. I am not sure, but I think the provided link will not work, but I need to verify. The Winlogbeat field names have changed and need to be adjusted; I got it working eventually by looking up the new names and adjusting accordingly.
When I am on site and have some time, I will post an update here.