What log sources do you need for Security Analytics

jimishs · March 21, 2023, 10:33am

OpenSearch security analytics supports these 13 logs sources (in 2.6) with pre-defined mappings and Sigma security rules . What are some of the other log sources that you would like to analyze with security analytics?

Ask: Pls share the top 5 log sources that have relevance for your security use cases. Thanks

jasonrojas · March 21, 2023, 5:27pm

AuditBeat would be fun

jimishs · April 3, 2023, 7:13pm

Thanks @jasonrojas . Are there any others you would like to add?

AME · April 9, 2023, 7:39am

I’m using nxlog to collect Windows eventlog, but not sure about the mapping of the fields. Is there anyone else using nxlog for the Security Analytics plugin?

wildfire · April 21, 2023, 3:53pm

I would like to add,

Microsoft Sysmon for granular logging on Windows
Microsoft powershell logging
Windows firewall log
WMI activities
Sysmon for Linux

system · June 20, 2023, 3:54pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
No data sources? OpenSearch	3	53	April 18, 2024
Feedback: Experimental Feature - Security Analytics General Feedback	10	702	January 3, 2023
Best practices for the log shipper selection of Windows eventlog OpenSearch	3	467	February 8, 2024
Using security analytics is hard mostly because of a lack of documentation Security Analytics	35	1265	April 9, 2024
Winlogbeat + security module analytics: data growup Security Analytics	2	432	August 19, 2023

What log sources do you need for Security Analytics

Related Topics