Download from Github
View on GitHub
Open Issue
This content Pack is only intended for Windows Security Monitoring.
If you noticed some data about security that is not parsed or missing fields, you can open an issue and I will update the Content Pack.
Tested with Windows 10/11 and Windows Server 2022 and Graylog 5.2.2.
The Content Pack should be compatible with all Graylog 5.X version.
Note this was built without extractors, only pipeline rules.
Includes
- Input (Beats/TCP/5044)
- Stream (Filebeat & Winlogbeat)
- Pipeline Rules w/ stages
- Lookup table + Data adapter + data cache
- Dashboards
Not included
Hard files that need to be downloaded, see info
Requirements
- Graylog 5.2.0
- Sidecar API Token Created
- Graylog Sidecar Agent 1.5.0
- Winlogbeat & Filebeat 7.12.1
- Winlogbeat Security & Powershell Module
- Edit Windows-ALL-Security-Content-Pack.json before uploading it !
I worked hard to share this with the community, I hope it will suits your needs 
PM me if you encounter any issue.
Note
I dropped many Events on the winlogbeat configuration that are not needed for space optimization, adjust to your needs.
Log size estimation: 130 MB/Agents/day
- 30 MB/Agents/day for filebeat
- 100MB/Agents/day for winlogbeat
