Windows Event Log integration module for Elastic Agent #20886
Comments
Pinging @elastic/ingest-management (Team:Ingest Management)
@dancs85 It's on our radar; we want to do some refactoring of Winlogbeat/Filebeat to add to the Elastic Agent. But having better Windows support is one of our priorities.
Pinging @elastic/integrations-services (Team:Services)
Wait, I've misread the ask: the elastic-agent does support the winlog input; we need to have an official integration.
The windows package already makes use of the winlog input in Agent. For Sysmon and others we should consider separate integrations. But on the Beats/Agent side itself I think we are done.
Describe the enhancement:
The Elastic Agent should have a module that replicates the functionality of Winlogbeat, including the PowerShell, Security and Sysmon modules. If possible, Sysmon itself should be able to be bundled in (if licensing allows), as this will populate a lot of the information the SIEM app uses.
Describe a specific use case for the enhancement or feature:
The Windows event logs are used in both Observability and Security arenas.
Bundling Sysmon will cover users who don't opt to use the Elastic Endpoint module (I believe Sysmon/Elastic Endpoint generate very similar logs).