cisagov / LME

Logging Made Easy (LME) is a no-cost, open-source platform that centralizes log collection, enhances threat detection, and enables real-time alerting, helping small to medium-sized organizations secure their infrastructure.
https://www.cisa.gov/resources-tools/services/logging-made-easy

Verify fields in parsed logs. #57

Open llwaterhouse opened 1 year ago

llwaterhouse commented 1 year ago

From Adam's comments:

Check if we are loading the Elasticsearch ingest node pipelines from the `winlogbeat setup` command and that Logstash is configured to use the ingest node pipelines.

Reference this Slack Canvas discussion: https://dhscisa.enterprise.slack.com/docs/T02QH7E1MHA/F067EAFHZT9
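
One way to script the check described in this issue, as an added example that is not part of the original issue or LME's own code: it takes the parsed body of `GET _ingest/pipeline/winlogbeat-*` and a Logstash config, and reports whether any Winlogbeat ingest pipelines are loaded and whether each `elasticsearch` output sets the `pipeline` option. The pipeline IDs, host name and config text are constructed samples, and the `%{[@metadata][pipeline]}` value is an assumed setting used for illustration.

```python
import json
import re

def blocks(text, name):
    """Yield the body of each `name { ... }` block; braces inside quoted strings are skipped."""
    for m in re.finditer(r"\b%s\s*\{" % re.escape(name), text):
        depth, quote, i = 1, None, m.end()
        while i < len(text) and depth:
            c = text[i]
            if quote:
                quote = None if c == quote else quote
            elif c in "\"'":
                quote = c
            elif c in "{}":
                depth += 1 if c == "{" else -1
            i += 1
        yield text[m.end():i - 1]

def pipeline_settings(conf):
    """`pipeline` value of every elasticsearch output block (None when the option is unset)."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)  # a commented-out option does not count
    found = []
    for out in blocks(conf, "output"):
        for body in blocks(out, "elasticsearch"):
            m = re.search(r"(?m)^\s*pipeline\s*=>\s*[\"']([^\"']*)[\"']", body)
            found.append(m.group(1) if m else None)
    return found

def audit(pipelines, conf):
    """pipelines: parsed body of GET _ingest/pipeline/winlogbeat-*; conf: Logstash config text."""
    loaded = [p for p in pipelines if p.startswith("winlogbeat-")]
    findings = [] if loaded else ["no winlogbeat-* ingest pipelines loaded"]
    for value in pipeline_settings(conf):
        if value is None:
            findings.append("elasticsearch output sets no pipeline option")
        elif "%{" not in value and value not in loaded:
            findings.append("pipeline %r is not loaded" % value)
    return findings

# Constructed samples: the pipeline IDs, host and option values are illustrative, not LME's.
SAMPLE_PIPELINES = json.loads('{"winlogbeat-0.0.0-routing": {}, "winlogbeat-0.0.0-security": {}}')
WEAK_CONF = '''output {
  elasticsearch {
    hosts => ["https://elasticsearch.example:9200"]
    # pipeline => "%{[@metadata][pipeline]}"
  }
}'''
FIXED_CONF = WEAK_CONF.replace("# pipeline", "pipeline")

if __name__ == "__main__":
    print(audit({}, WEAK_CONF))
    print(audit(SAMPLE_PIPELINES, FIXED_CONF))
```

A literal pipeline name is checked against the loaded IDs; a value containing a `%{...}` field reference is only reported as present, since it resolves per event.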

llwaterhouse commented 11 months ago

This ticket is also referred to as "update Elastic Schema".