Security-Onion-Solutions / security-onion

Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
https://securityonion.net

securityonion-elastic: improve elasticsearch ingest parsing for sysmon logs via Wazuh #1754

Closed (dougburks closed this issue 4 years ago)

dougburks commented 4 years ago

We need to set event_type to sysmon so that sysmon events will show up on the sysmon dashboard.

dougburks commented 4 years ago

Published: https://blog.securityonion.net/2020/04/elastic-688-now-available-for-security.html