Sysmon and Windows Defender

xxlt3xx · December 30, 2024, 8:25pm

So currently I’m replacing our old graylog server, we implemented windows defender and now we’re not getting data. So we are rebuilding from scratch as I got Ubuntu 24.04 LTS installed I’m wondering is it possible to run sysmon and windows defender together with Graylog certainly there would be some overlap but can this be done in graylog 6.1a?

Joel_Duffield · December 30, 2024, 11:38pm

What do you mean “together” you want to get logs from both sysmon and defender?

xxlt3xx · January 6, 2025, 5:49pm

yes, I see there is a sysmon/defender config from oalaf on git just wondering if it can work in graylog or anyone has done it

Joel_Duffield · January 6, 2025, 7:16pm

Yeah, it should work. Symon and Defender normally log everything to Windows events, so you are just ingesting the Windows events into Graylog.

Topic		Replies	Views
Graylog + nxlog + sysmon Graylog Central (peer support) pipeline-rules , sidecar , winlogbeat	7	2115	June 4, 2019
Question on greylog and events from Windows AD controller Graylog Central (peer support)	3	305	February 15, 2024
Graylog, sysmon and pipeline rules found on this forum (still applies ? ) Graylog Central (peer support) pipeline-rules , sidecar , winlogbeat	3	899	January 18, 2022
Azure Event Hub help Graylog Central (peer support) basic-configuration	4	986	April 26, 2022
New to Graylog - need help getting started Graylog Central (peer support) sidecar , nxlog , winlogbeat , nodatanx	5	1743	April 30, 2017

Sysmon and Windows Defender

Related topics