In this video we’ll be using Winlogbeat to supplement the Security Onion sensor from the previous video with Windows event logs. This provides a single location to collate, search and analyse Windows events from multiple machines, and to correlate them with network events. We also cover how to create a GPO to configure Winlogbeat automatically.
References:
Previous video on Security Onion: • Bootstrap your Network...
Winlogbeat configuration (inc. encryption): docs.securityonion.net/en/2.3...
Windows Event Log encyclopedia: www.ultimatewindowssecurity.c...
Timecodes:
0:00 Introduction
3:02 Sensor Setup
3:22 Single Client Setup
4:46 A Simple Search
6:36 Multi-Client Setup (via GPO)
8:20 Final Thoughts
Credits:
Intro/Outro Music: Render - Prism: • Render - Prism [Creati... (via Argofox: / argofox )
Diagram icons designed by OpenMoji (openmoji.org/) CC BY-SA 4.0