Sending Windows Logs using WinLogbeat
Download Winlogbeat (64-bit).
Step 1: Download and extract winlogbeat.zip to c:\program files\ (should look like the image below).
Step 2: Open winlogbeat.yml and edit it with Notepad. We will add the following under winlogbeat.event_logs:

winlogbeat.event_logs:
  - name: Security
    event_id: 1102,4608,4609,4624-4648,4700-4800,4950
    ignore_older: 72h
  - name: Application
    event_id: 1000,1002,1001
    ignore_older: 72h
  - […]
Recommended Windows Audit Policy Settings
This post includes recommended Windows audit policy settings. No two environments are the same, so after running for a week, inspect how much data is being recorded and whether any of it can be removed. Ideally you will want more than 24 hours' worth of data held, with the Security event log size set to 2GB (2GB […]