Summary
- This article shows how to send logs from a Windows machine to an ELK stack, assuming the reader has already set one up.
- The first step is to download and install Sysmon on the Windows machine.
- Next, the installation must be configured with a proper XML file from GitHub.
- Once this is done, open Kibana, go to the “Integrations” tab and click the “Add Custom Windows Event Logs” button.
- A page with various configuration options will appear; after following the onboarding instructions, the Sysmon logs should begin appearing in Kibana.
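The Sysmon steps above (install the binary, load an XML configuration, then point the Kibana "Custom Windows Event Logs" integration at the resulting event channel) can be scripted and verified from an elevated PowerShell prompt. The following is an added example, not code from the original article or from Ghostploit; it assumes `Sysmon64.exe` and the chosen GitHub configuration file have already been downloaded to `C:\Tools\Sysmon`, and the config file name `sysmonconfig.xml` is a placeholder for whichever configuration you selected.

```powershell
# Added example (not from the original article): install or update Sysmon with an XML
# config, then confirm the Sysmon operational channel is receiving events. That channel
# name is what you enter in the "Custom Windows Event Logs" integration in Kibana.
$SysmonDir  = 'C:\Tools\Sysmon'                          # assumed download location
$ConfigFile = Join-Path $SysmonDir 'sysmonconfig.xml'    # placeholder for the GitHub config you chose
$SysmonExe  = Join-Path $SysmonDir 'Sysmon64.exe'

if (-not (Test-Path $SysmonExe))  { throw "Sysmon binary not found at $SysmonExe" }
if (-not (Test-Path $ConfigFile)) { throw "Sysmon config not found at $ConfigFile" }

# Check that the config parses as XML before handing it to Sysmon; a malformed
# file makes the install fail with a less helpful message.
try   { [xml](Get-Content -Raw -Path $ConfigFile) | Out-Null }
catch { throw "Config is not well-formed XML: $($_.Exception.Message)" }

# -accepteula, -i (install) and -c (update config) are Sysmon's documented switches.
# The service is named after the executable, so Sysmon64.exe registers 'Sysmon64'.
$service = Get-Service -Name 'Sysmon64' -ErrorAction SilentlyContinue
if ($service) {
    & $SysmonExe -accepteula -c $ConfigFile   # already installed: reload the config only
} else {
    & $SysmonExe -accepteula -i $ConfigFile   # fresh install with this config
}
if ($LASTEXITCODE -ne 0) { throw "Sysmon returned exit code $LASTEXITCODE" }

# Verify the service is running and the channel Kibana will read already has events.
$channel = 'Microsoft-Windows-Sysmon/Operational'
Get-Service -Name 'Sysmon64' | Select-Object Name, Status
$recent = Get-WinEvent -LogName $channel -MaxEvents 5 -ErrorAction Stop
$recent | Select-Object TimeCreated, Id, ProviderName | Format-Table -AutoSize
```

If `Get-WinEvent` returns nothing, the channel exists but no events have been written yet; run a few commands to generate process-creation events (Sysmon event ID 1) and re-check before troubleshooting the Kibana side. The channel name printed here, `Microsoft-Windows-Sysmon/Operational`, is the value the integration's channel field expects.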
By Ghostploit