I have created nine extractors to get all the Sophos variables I needed to use.
Tag: graylog
Graylog format AccessList For Windows file events
I set up Graylog to collect all the Windows event logs, including file event logs, on the file servers at work. I noticed that the winlogbeat_event_data_AccessList field was not what the event did, but rather a %%#### code. I decided to build a pipeline to format the winlogbeat_event_data_AccessList field into a new field I designated as AccessList.