Archive for December, 2017

SYSMON – ELK Integration and Monitoring APT34 Tools

Summary: The previous post, Monitoring for Windows Event Logs and the Untold Story of proper ELK Integration, explained how to leverage monitoring of the Windows Event Log through Elasticsearch while using Kibana, Winlogbeat and Logstash. The blog post also provided a list of Windows Event Log records (based on their functionality and […]


Monitoring for Windows Event Logs and the Untold Story of proper ELK Integration

Summary: I have been searching online for some time now for any information about the proper method for monitoring Windows Event Log records via Elasticsearch. Nonetheless, there are several blogs that explain how to accomplish this process, including some documentation from the Elastic team. However, each one provides a small […]
