What log sources do you need for Security Analytics

OpenSearch Security Analytics supports these 13 log sources (in 2.6) with pre-defined mappings and Sigma security rules. What are some of the other log sources that you would like to analyze with Security Analytics?

Ask: Please share the top 5 log sources that have relevance for your security use cases. Thanks

AuditBeat would be fun 🙂

Thanks @jasonrojas . Are there any others you would like to add?

I’m using nxlog to collect the Windows Event Log, but I’m not sure about the mapping of the fields. Is anyone else using nxlog with the Security Analytics plugin?
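On the field-mapping question: Security Analytics evaluates Sigma rules against index fields through a mapping from the Sigma field name to the field name your collector actually writes. The Python below is an added example, not code from this thread or from the Security Analytics plugin, that shows what such a mapping does and why a missing entry matters. The nxlog field names (EventID, Channel, Image, CommandLine, ParentImage), the mapping table, the rule and the two documents are all constructed for the example; the rule evaluator only handles a single-selection condition, which is far less than real Sigma.

```python
# Constructed documents in the shape nxlog's im_msvistalog module produces for a
# Sysmon Event ID 1 (process creation). Field names are an assumption, not captured output.
SAMPLE_DOCS = [
    {
        "EventTime": "2023-03-01 10:15:02",
        "Hostname": "WS01.corp.example",
        "Channel": "Microsoft-Windows-Sysmon/Operational",
        "EventID": 1,
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -NoP -W Hidden -Enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA",
        "ParentImage": "C:\\Windows\\System32\\cmd.exe",
    },
    {
        "EventTime": "2023-03-01 10:16:40",
        "Hostname": "WS01.corp.example",
        "Channel": "Microsoft-Windows-Sysmon/Operational",
        "EventID": 1,
        "Image": "C:\\Windows\\System32\\notepad.exe",
        "CommandLine": "\"C:\\Windows\\System32\\notepad.exe\" notes.txt",
        "ParentImage": "C:\\Windows\\explorer.exe",
    },
]

# Hypothetical Sigma-field -> index-field mapping. With nxlog the Sysmon EventData names
# often coincide; a collector that nests them (e.g. winlog.event_data.Image) would put the
# dotted path on the right-hand side instead.
FIELD_MAP = {
    "Image": "Image",
    "CommandLine": "CommandLine",
    "ParentImage": "ParentImage",
    "EventID": "EventID",
}

# Minimal Sigma-style rule in dict form (what the YAML would parse to).
RULE = {
    "title": "Encoded hidden PowerShell command line",
    "detection": {
        "selection": {
            "EventID": 1,
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains|all": ["-enc", "-w hidden"],
        },
        "condition": "selection",
    },
}


def _lookup(doc, path):
    """Resolve a dotted field path in a possibly nested document; None if absent."""
    cur = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def _value_matches(actual, expected, modifiers):
    """Compare one document value with one expected value, case-insensitively as Sigma does."""
    if actual is None:
        return False
    a, e = str(actual).lower(), str(expected).lower()
    if "contains" in modifiers:
        return e in a
    if "startswith" in modifiers:
        return a.startswith(e)
    if "endswith" in modifiers:
        return a.endswith(e)
    return a == e


def selection_matches(selection, doc, field_map):
    """True if every field/modifier entry of a Sigma selection matches the document."""
    for key, expected in selection.items():
        sigma_field, *modifiers = key.split("|")
        index_field = field_map.get(sigma_field)
        if index_field is None:  # unmapped field: the rule can never fire on this source
            return False
        actual = _lookup(doc, index_field)
        values = expected if isinstance(expected, list) else [expected]
        hits = [_value_matches(actual, v, modifiers) for v in values]
        if not (all(hits) if "all" in modifiers else any(hits)):
            return False
    return True


def run_rule(rule, docs, field_map):
    """Return (index, Hostname, CommandLine) for each document the rule fires on."""
    detection = rule["detection"]
    selection = detection[detection["condition"]]  # single-selection conditions only
    return [(i, d.get("Hostname"), d.get("CommandLine"))
            for i, d in enumerate(docs) if selection_matches(selection, d, field_map)]


def unmapped_fields(rule, field_map):
    """Sigma fields the rule uses that have no index mapping; these silently disable the rule."""
    detection = rule["detection"]
    return sorted({k.split("|")[0] for k in detection[detection["condition"]]} - set(field_map))


if __name__ == "__main__":
    print("unmapped fields:", unmapped_fields(RULE, FIELD_MAP))
    for hit in run_rule(RULE, SAMPLE_DOCS, FIELD_MAP):
        print("ALERT", hit)
```

The check worth keeping from this is `unmapped_fields`: a rule whose Sigma field has no mapping to your nxlog field does not error, it just never matches, so verify the mapping against the fields your own events actually carry before trusting that a detector is live.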

I would like to add:

  1. Microsoft Sysmon for granular logging on Windows
  2. Microsoft PowerShell logging
  3. Windows Firewall log
  4. WMI activity
  5. Sysmon for Linux
