https://www.graylog.org/post/back-to-basics-enhance-windows-security-with-sysmon-and-graylog

Hello,
I’ve been searching for a while, but has anyone managed to work out the missing bits in the rules and the stage order in this blog post -
https://www.graylog.org/post/back-to-basics-enhance-windows-security-with-sysmon-and-graylog

Cheers,
Lachlan.

Hey @lmuir

Sorry that we missed that. It will be fixed in the next hours.

That’s awesome, thanks for such a quick answer!

Hello,
I checked again today and there appears to be no change in the article.

Cheers,
Lachlan.

I’m stuck too! I have the Sysmon logs coming in but I’m not sure on the pipeline. Also, the dashboard won’t install: when I add the content pack I get a POST error: Installing content pack failed with status: Error: cannot POST http://x.x.x.x:9000/api/system/content_packs/a33f6f3e-b4a2-4ddd-8cf6-eefbd271bfb9/0/installations (500). Could not install content pack with ID: a33f6f3e-b4a2-4ddd-8cf6-eefbd271bfb9

Any ideas?

Hey @petegriggs

The content pack was created for Graylog V2.x - that will not work in Graylog 3.x.

We are currently re-working the article to match Graylog Version 3.x.

Hi Jan.

Thanks for this. Any idea when it will drop or if there is a way of exporting a Graylog V2 dashboard into 3.?

Thanks
Peter.

No, sorry - I can’t predict a time when my colleagues will have that finished.

You do not have the option to import the old into the new system.