mohdneotech

mohdneotech

Logstash, Meet Sentinel… Sentinel, Meet Logstash!

Background In both our free workshop and popular Defending Enterprises training we heavily utilise Elastic’s Winlogbeat, Auditbeat, Filebeat and Packetbeat agents. In past editions this data finally ended up in an Elastic backend which was accessed using Kibana. A common setup that works well. Since the release of Microsoft Sentinel back in 2019…