In order to filter by a Windows event ID, just use this query in the
search bar of Kibana:
decoder.name:"windows" AND id:"4625"
In this case, you are filtering events with id 4625:
2016 Sep 20 07:50:17 WinEvtLog: Security: AUDIT_FAILURE(*4625*): Microsoft-
Windows-Security-Auditing: (no user): no domain: WIN-....: An account
failed to log on...
I assume you are sending the file *alerts.json* to elasticsearch.
On Monday, September 19, 2016 at 10:11:37 PM UTC+2, namobud...@gmail.com
> Based on this storm center article:
> I'm trying to figure out how to query Kibana for specific event ID numbers
> from the dashboard search area the article mentions. Is there a definitive
> guide for searching OSSEC with Kibana?
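As an added example (not code from the thread or from the OSSEC project), the script below does two things with the Kibana query quoted in the reply: it turns the `field:"value" AND field:"value"` search into the equivalent Elasticsearch bool/term query, and it applies the same filter locally to a few constructed alerts.json lines so you can check what the dashboard search should return. The record layout is an assumption: the windows decoder's name under `decoder.name` and the event ID in the top-level `id` field, as the query in the reply implies; the sample records and the host name in them are constructed.

```python
import json
import re

# Constructed alerts.json records (not taken from the thread). Assumed layout:
# "decoder": {"name": ...} for the decoder and a top-level "id" holding the
# Windows event ID, which is what the query decoder.name:"windows" AND id:"4625" targets.
SAMPLE_ALERTS = [
    json.dumps({
        "rule": {"level": 5, "description": "Windows Logon Failure."},
        "decoder": {"name": "windows"},
        "id": "4625",
        "full_log": "2016 Sep 20 07:50:17 WinEvtLog: Security: AUDIT_FAILURE(4625): "
                    "Microsoft-Windows-Security-Auditing: (no user): no domain: "
                    "WIN-EXAMPLE: An account failed to log on.",
    }),
    json.dumps({
        "rule": {"level": 3, "description": "Windows Logon Success."},
        "decoder": {"name": "windows"},
        "id": "4624",
        "full_log": "2016 Sep 20 07:51:02 WinEvtLog: Security: AUDIT_SUCCESS(4624): "
                    "Microsoft-Windows-Security-Auditing: An account was successfully logged on.",
    }),
    # Same "id" value from a different decoder: the decoder.name term must exclude it.
    json.dumps({
        "rule": {"level": 5, "description": "sshd: authentication failed."},
        "decoder": {"name": "sshd"},
        "id": "4625",
        "full_log": "Sep 20 07:52:10 host sshd[4625]: Failed password for invalid user",
    }),
    # Windows record with no "id" field at all: must not match either.
    json.dumps({
        "rule": {"level": 2, "description": "Windows service started."},
        "decoder": {"name": "windows"},
        "full_log": "2016 Sep 20 07:53:40 WinEvtLog: System: INFORMATION(7036): "
                    "Service Control Manager: The Windows Update service entered the running state.",
    }),
]

# One quoted term: field name (dots allowed) followed by a double-quoted value.
TERM_RE = re.compile(r'([A-Za-z0-9_.]+):"([^"]*)"')


def parse_query(query):
    """Parse the `field:"value" AND field:"value"` form used in the thread into
    a list of (field, value) pairs. Only AND-joined quoted terms are supported."""
    terms = []
    for clause in re.split(r"\s+AND\s+", query.strip()):
        m = TERM_RE.fullmatch(clause.strip())
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        terms.append((m.group(1), m.group(2)))
    return terms


def to_es_query(query):
    """Equivalent Elasticsearch query DSL: each Kibana term becomes a `term`
    filter inside a bool query. Assumes the fields are indexed unanalyzed; on an
    analyzed mapping you would point the terms at the keyword/.raw sub-field."""
    filters = [{"term": {field: value}} for field, value in parse_query(query)]
    return {"query": {"bool": {"filter": filters}}}


def get_field(record, dotted):
    """Resolve a dotted field name such as decoder.name against a nested dict;
    returns None when any part of the path is missing."""
    node = record
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def filter_alerts(lines, query):
    """Apply the Kibana query locally to raw alerts.json lines.
    A record matches only if every term's field exists and equals the value."""
    terms = parse_query(query)
    hits = []
    for line in lines:
        record = json.loads(line)
        if all(get_field(record, f) is not None and str(get_field(record, f)) == v
               for f, v in terms):
            hits.append(record)
    return hits


if __name__ == "__main__":
    query = 'decoder.name:"windows" AND id:"4625"'
    print(json.dumps(to_es_query(query), indent=2))
    for hit in filter_alerts(SAMPLE_ALERTS, query):
        print(hit["full_log"])
```

Running the filter over the constructed records returns only the AUDIT_FAILURE(4625) line: the sshd record carries the same `id` value but fails the `decoder.name` term, and the windows record without an `id` field fails the second term, which is the same behaviour Kibana gives for the quoted query.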