dsiem
DSIEM WITH AUDITD LOGS
I am testing DSIEM on Auditbeat, which consists of the "System module" and the "Auditd module". I do not see any Auditd module logs in my "siem-event", but I can see the System module logs and can generate alarms from them. I have assigned IP addresses (127.0.0.1) and port numbers per the documentation in my Logstash using a filter, because the Auditd module events have no IP addresses or port numbers, yet they are not being captured in the siem-event. Do you have any suggestions, or would the Dsiem pipeline not process Auditd module logs?
Kind Regards
Peter