
SysmonSearch for Nxlog

Open · V1D1AN opened this issue 5 years ago · 1 comment

Hello,

If I want to test SysmonSearch with Nxlog and Logstash, must I change the winlogbeat.yml of sigma to my nxlog.yml and change "collection_alert_data.py" and "collection_statistical_data.py"?

Congratulations on your work

V1D1AN · Jul 15 '20 08:07

Connecting with Nxlog sounds interesting, but I think it needs large-scale rewriting.

Although SysmonSearch has the yml of sigma, there are still a lot of hardcoded winlogbeat field names in the source...

S03D4-164 · Jul 18 '20 08:07
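The maintainer's point above is that the collector scripts look up events by winlogbeat field names, so Nxlog output (which uses a different, flat key layout) would not match. The following is an added example, not SysmonSearch's or Nxlog's own code, showing the kind of translation layer that would let Nxlog-collected Sysmon events be indexed under winlogbeat-style names instead of rewriting every lookup. All field names in the mapping table (Nxlog keys such as `EventID`, `Hostname`, `Image`; winlogbeat paths such as `winlog.event_id`, `winlog.event_data.Image`) are assumptions about typical schemas and should be checked against your actual nxlog.yml and winlogbeat.yml output; the sample event is constructed.

```python
"""Map flat Nxlog Sysmon events onto winlogbeat-style nested field paths.

Added example (not SysmonSearch code). The key names below are assumptions
about common Nxlog im_msvistalog output and winlogbeat 7.x documents; verify
them against real events before relying on the mapping.
"""
from typing import Any, Dict, Optional

# Assumed Nxlog flat key -> assumed winlogbeat dotted path.
NXLOG_TO_WINLOGBEAT: Dict[str, str] = {
    "EventTime": "@timestamp",
    "EventID": "winlog.event_id",
    "Hostname": "winlog.computer_name",
    "Channel": "winlog.channel",
    "ProcessGuid": "winlog.event_data.ProcessGuid",
    "Image": "winlog.event_data.Image",
    "CommandLine": "winlog.event_data.CommandLine",
    "ParentImage": "winlog.event_data.ParentImage",
    "User": "winlog.event_data.User",
    "DestinationIp": "winlog.event_data.DestinationIp",
    "DestinationPort": "winlog.event_data.DestinationPort",
}


def set_path(doc: Dict[str, Any], dotted: str, value: Any) -> None:
    """Write value at a dotted path, creating nested dicts as needed."""
    parts = dotted.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def field_value(doc: Dict[str, Any], dotted: str) -> Optional[Any]:
    """Read a dotted path, returning None when any segment is missing.

    This mirrors what a hardcoded winlogbeat-style lookup sees: against a raw
    Nxlog event it finds nothing, against the normalized event it hits.
    """
    cur: Any = doc
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def nxlog_to_winlogbeat(event: Dict[str, Any]) -> Dict[str, Any]:
    """Return a new document with winlogbeat-style paths.

    Keys without an explicit mapping are kept under winlog.event_data so that
    nothing is silently dropped during normalization.
    """
    out: Dict[str, Any] = {}
    for key, value in event.items():
        target = NXLOG_TO_WINLOGBEAT.get(key, f"winlog.event_data.{key}")
        set_path(out, target, value)
    return out


# Constructed sample: a Sysmon event ID 1 (process create) as Nxlog might emit it.
SAMPLE_NXLOG_EVENT: Dict[str, Any] = {
    "EventTime": "2020-07-15T08:07:00Z",
    "Hostname": "WS01.example.local",
    "Channel": "Microsoft-Windows-Sysmon/Operational",
    "EventID": 1,
    "Image": "C:\\Windows\\System32\\cmd.exe",
    "CommandLine": "cmd.exe /c whoami",
    "ParentImage": "C:\\Windows\\explorer.exe",
    "User": "EXAMPLE\\alice",
    "RuleName": "-",  # no explicit mapping: lands under winlog.event_data
}


if __name__ == "__main__":
    normalized = nxlog_to_winlogbeat(SAMPLE_NXLOG_EVENT)
    for path in ("winlog.event_id", "winlog.event_data.Image", "winlog.event_data.RuleName"):
        print(path, "raw:", field_value(SAMPLE_NXLOG_EVENT, path),
              "normalized:", field_value(normalized, path))
```

In a Logstash deployment the same table would typically live in a filter (a `mutate`/`rename` stage) rather than in Python, but the point is the same: the lookups the scripts perform are against winlogbeat paths, so either the documents must be reshaped to those paths before indexing or every lookup in the source must be changed.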