SysmonSearch for Nxlog

[V1D1AN]

Hello,

If I want test SysmonSearch with a Nxlog and a logstash. I must change my winlogbeat.yml of sigma with my nxlog.yml and change the "collection_alert_data.py" and "collection_statistical_data.py" ?

Congratulations on your work

[S03D4-164]

Connecting with a Nxlog sounds interesting, but I think it needs large-scale rewriting.

Although SysmonSearch has the yml of sigma, there are still a lot of hardcoded winlogbeat field names in the source...