-
The detection rule Authentication Failed Events is not using an allowed value for event.outcome
## Description
Describe the bug
The detection rule Authentication Failed Events is not using an a…
-
**Reference**
https://groups.google.com/d/topic/security-onion/5EuT6KpJ-6c/discussion
**Problem**
We recently changed Setup so that new Production Mode deployments are set to LOGSTASH_MINIMAL by …
-
In Filebeat 7.x (and in Beats 7.x in general), [the path to certain metadata has changed](https://www.elastic.co/guide/en/beats/libbeat/7.x/breaking-changes-7.0.html#_field_name_changes). In particula…
-
Sysmon v11.0 was released on April 28, 2020 and includes a new Event ID and a few other minor changes. The Sysmon module in Winlogbeat should be updated.
References
- [Download](https://docs.micros…
-
Hi again
I have an issue where I can see any new logs appearing in Kibana since the 24/03/2020
although when I look at the LME Collector it is still successfully publishing logs
any help is appr…
-
### Problem description
Is sidecars maintained anymore? There are so many updates to winlogbeats and wondering if another release will ever be scheduled?
### Steps to reproduce the problem
1. .…
-
I'm using Winlogbeat for pushing all Windows events to Elasticsearch. Parsing is not happening properly.
One of the examples is under “Message” there is “Properties” which when parsed in winlog.eve…
-
- Version: 7.6.2
- Operating System: Windows 10
- Discuss Forum URL:
- Steps to Reproduce: Execute a DNS query that returns a lot of IP addresses:
Sysmon appears to generate DNS Query logs that…
-
Follow up to #18592. In #18592, we set the `MODULE` environment variable at a global scope. As such, once the `MODULE` is determined and set, it gets used by all stages of the Jenkins CI pipeline. Thi…