Open nicpenning opened 1 month ago
Pinging @elastic/sec-windows-platform (Team:Security-Windows Platform)
I've just had the same requirement today and found out that there is no native integration for it.
@nicpenning can you share how you are collecting it?
Use the Custom Windows Event Log integration and set the event provider to Windows LAPS. Works well, but can be greatly improved.
Please add LAPS (Local Administrator Password Solution) events into the current Windows integration as additional data streams so that users will not have to use the Custom Windows Integration and have to maintain their own events.
This will help simplify Windows event log collection.
Relates: #4564