Skip to content

devynspencer/elk-moose

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

53 Commits
.vscode
.vscode
 
 
elasticsearch
elasticsearch
 
 
kibana/config
kibana/config
 
 
logstash
logstash
 
 
.env
.env
 
 
.gitattributes
.gitattributes
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
docker-compose.yml
docker-compose.yml
 
 

Repository files navigation

elk-moose

Quickly analyze Windows event logs.

# Rebuild environment, watch Logstash output
docker compose down --volumes; docker compose up --detach; docker compose logs --follow logstash

# Create Windows index template
Invoke-RestMethod "http://localhost:9200/_index_template/windows" -InFile "./elasticsearch/templates/windows.json" -Method Put -ContentType application/json

# Generate event logs
$Events = Get-WinEvent -ComputerName VPN01 -FilterHashtable @{ LogName = "System"; ProviderName = "RemoteAccess"; StartTime = (Get-Date).AddDays(-5) } | ConvertTo-Json -Depth 3

# Send event logs to Logstash via HTTP listener
Invoke-RestMethod "http://localhost:8080" -Method Post -ContentType application/json -Body $Events

About

Quickly analyze Windows event logs.

Topics

windows security elasticsearch kibana logstash elk evtx

Resources

Readme

License

MIT license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages