Host Visibility — Security Onion 2.3 documentation
Modifying the Winlogbeat.yaml to work with the OSSysbeat.ps1 script to set up the shipping of host logs to Security Onion
Right click and edit the winlogbeat.yaml file
Scroll down to the “winlogbeat.event_logs:” section
The bottom line of this section should read as follows: name: Microsoft-Windows-Sysmon/Operational
Scroll down to the Elasticsearch section and comment out the “hosts” line
Scroll down to the Logstash section and uncomment the “output.logstash:” line and the “hosts” line below it
Then, change the IP in the square brackets to be the IP address of our Security Onion sensor
Press Ctrl + S to save, then close the file
by cpl adams
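The edited sections of the file once the steps above are done, as an added example that is not from the original page. The address 192.0.2.10 is a placeholder, the Application/System/Security entries and the 9200/5044 ports are assumed from the stock Winlogbeat file, and commenting out the “output.elasticsearch:” header itself is an assumption beyond the page's step.

```yaml
# Added example, not from the original page. Only the sections touched by
# the steps are shown; leave the rest of the file as shipped.

winlogbeat.event_logs:
  # Stock entries (assumed; your file may list others).
  - name: Application
  - name: System
  - name: Security
  # Bottom entry of the section, as the steps require. Without it the
  # Sysmon events never leave the host.
  - name: Microsoft-Windows-Sysmon/Operational

# ---- Elasticsearch output: disabled ----
# The page's step comments out the hosts line. The header is commented out
# here as well (assumption) so that Logstash is the only output defined.
#output.elasticsearch:
  #hosts: ["localhost:9200"]

# ---- Logstash output: enabled ----
output.logstash:
  # Placeholder address: replace with the IP of your Security Onion sensor.
  # 5044 is the port used in the stock file's Logstash example (assumed).
  hosts: ["192.0.2.10:5044"]
```

Winlogbeat's own `test config` and `test output` subcommands can confirm that the file parses and that the sensor is reachable before the service is restarted.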