0xThiebaut
commented
4 years ago I second this. We are looking at introducing SilkETW in our course's stack but being unable to search the data retrieved through Winlogbeat is a breaker.
Open ion-storm opened 5 years ago
0xThiebaut
commented
4 years ago I second this. We are looking at introducing SilkETW in our course's stack but being unable to search the data retrieved through Winlogbeat is a breaker.
Json is nice, however there is nested json that is hard to parse and requires select json and advanced parsing. If possible can you log to the eventlog format so eventlog loggers like Winlogbeat parse the fields automatically.