What log sources do you need for Security Analytics

jimishs · March 21, 2023, 10:33am

OpenSearch security analytics supports these 13 logs sources (in 2.6) with pre-defined mappings and Sigma security rules . What are some of the other log sources that you would like to analyze with security analytics?

Ask: Pls share the top 5 log sources that have relevance for your security use cases. Thanks

jasonrojas · March 21, 2023, 5:27pm

AuditBeat would be fun

jimishs · April 3, 2023, 7:13pm

Thanks @jasonrojas . Are there any others you would like to add?

AME · April 9, 2023, 7:39am

I’m using nxlog to collect Windows eventlog, but not sure about the mapping of the fields. Is there anyone else using nxlog for the Security Analytics plugin?

wildfire · April 21, 2023, 3:53pm

I would like to add,

Microsoft Sysmon for granular logging on Windows
Microsoft powershell logging
Windows firewall log
WMI activities
Sysmon for Linux