cisagov / LME

Logging Made Easy (LME) is a no-cost and open logging and protective monitoring solution serving all organizations.
https://www.cisa.gov/resources-tools/services/logging-made-easy

Upgraded GPOs for Chapter 1 to get more ID Logs #316

Closed rgbrow1949 closed 1 day ago

rgbrow1949 commented 3 weeks ago

Edited the Chapter 1 Group Policy Objects LME-WEC-Client and LME-WEC-Server to now have the audit policies that will yield more ID logs out of Active Directory on the domain controller.

Closes #235

You can test this by importing the new GPOs and updating the network's group policies. Then perform an action that would trigger one of the new audit policies and find it in the event viewer and see if it is then forwarded to Elastic.

rgbrow1949 commented 1 day ago

Merge conflict issues with this PR. This branch was originally cloned off main but needs to go into 1.4.0. So I need to reclone the branch off 1.4.0. I will need to remake the Pull Request. Will likely end PR and reopen a new one.

rgbrow1949 commented 1 day ago

Closing PR to remake it, cloning off 1.4.0 instead of main