Windows Event Log Shipping Questions #5275
Hey there, in regards to shipping of Windows Event Logs into Security Onion, I have the following questions: Out of Winlogbeat, osquery and Wazuh agents, which of these will automatically be parsed and normalized into ECS/ELK? Also, do Winlogbeat, osquery and Wazuh support ETW logs? Cheers, kl3ss
Answered by
defensivedepth
Sep 2, 2021
Replies: 1 comment
All three agents can ship + SO will parse and ingest WEL, including Sysmon logs.
Answer selected by
defensivedepth