Khoa previously wrote about monitoring AD Group Membership changes using his PowerShell script, which can be found here. In this article we will be setting up a Logstash filter that…
Category: Windows Event Forwarder
Sending Windows Event Forwarder Server (WEF) Logs to Elasticsearch (Winlogbeat)
Now that you are sending all of your logs to your Windows Event Forwarder, it’s time to forward them to Elasticsearch so we can visualize them in Kibana and make…
Setting up Windows Event Forwarder Server (WEF) (Domain) – GPO Deployment Part 3/3
Now that you have set up a Windows Event Forwarder collector and Sysmon subscriptions, you are ready to collect these logs from your endpoints. We will now create a group…
Setting up Windows Event Forwarder Server (WEF) (Domain) – Sysmon Part 2/3
This is part 2, in which we will be setting up Sysmon on our WEF server. As you saw in the previous article, there is no option for a Sysmon subscription…
Setting up Windows Event Forwarder Server (WEF) (Domain) Part 1/3
This will be a 3-part series in which we will set up a Windows Event Forwarder server that will collect event logs from domain-joined Windows workstations based on subscriptions that…