Host Visibility — Security Onion 2.3 documentation
***Modifying winlogbeat.yaml to work with the OSSysbeat.ps1 script so that host logs are shipped to Security Onion***

Right-click the winlogbeat.yaml file and open it in an editor.

Scroll down to the “winlogbeat.event_logs:” section.

The bottom line of this section (a list entry, so it carries the leading dash) should read as follows:

```yaml
  - name: Microsoft-Windows-Sysmon/Operational
```

Scroll down to the Elasticsearch output section and comment out the hosts line.

Scroll down to the Logstash output section and uncomment the “output.logstash:” line and the “hosts” line below it.

Then change the IP address inside the square brackets to the IP address of your Security Onion sensor.

Press Ctrl + S to save, then close the file.

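As an added illustration (not text from the page or a file from the Security Onion project), this is how the affected parts of the Winlogbeat configuration look once the steps above are complete. The event-log names other than Sysmon are the ones in Winlogbeat's stock sample file, the IP address is a placeholder, and port 5044 is the Beats port used in the stock sample; the OSSysbeat.ps1 script is assumed to have already installed Sysmon and Winlogbeat.

```yaml
# Added example: the edited sections of winlogbeat.yml (the page calls the file
# winlogbeat.yaml). Placeholder values are marked; this is not the project's file.

winlogbeat.event_logs:
  - name: Application
    ignore_older: 72h
  - name: System
  - name: Security
  # The last entry in the section must be the Sysmon operational channel,
  # which is where Sysmon writes process, network and file events.
  - name: Microsoft-Windows-Sysmon/Operational

# Elasticsearch output: commented out so Winlogbeat does not try to ship
# directly to Elasticsearch. The whole block is commented here, not only the
# hosts line, because Winlogbeat accepts a single enabled output.
#output.elasticsearch:
  #hosts: ["localhost:9200"]

# Logstash output: uncommented, pointing at the Security Onion sensor.
output.logstash:
  hosts: ["192.0.2.10:5044"]   # placeholder: replace with your sensor's IP address
```

After saving, the file can be validated from an elevated PowerShell prompt in the Winlogbeat directory with `.\winlogbeat.exe test config -c .\winlogbeat.yml -e`, and the connection to the sensor checked with `.\winlogbeat.exe test output -c .\winlogbeat.yml -e`; both are standard Winlogbeat subcommands. If the output test fails, confirm that TCP 5044 is reachable from the host to the sensor before looking further at the configuration.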
by cpl adams