Based on this Storm Center article: https://isc.sans.edu/forums/diary/Windows+Events+log+for+IRForensics+Part+1/21493/
I'm trying to figure out how to query Kibana for specific event ID numbers from the dashboard search area the article mentions. Is there a definitive guide for searching OSSEC with Kibana?