  • 13496 views
  • Published 4 years ago by Attack Detect Defend (rot169)

Collecting & analysing Windows event logs with Winlogbeat & ELK

In this video we’ll be using Winlogbeat to supplement the Security Onion sensor from the previous video with Windows event logs. This provides a single location in which to collate, search and analyse Windows events from multiple machines, and to correlate them with network events. We also cover how to create a GPO to configure Winlogbeat automatically.

References:
Previous video on Security Onion:
Winlogbeat configuration (inc. encryption):
Windows Event Log encyclopedia:

Timecodes:
0:00 Introduction
3:02 Sensor Setup
3:22 Single Client Setup
4:46 A Simple Search
6:36 Multi-Client Setup (via GPO)
8:20 Final Thoughts

Credits:
Intro/Outro Music: Render - Prism: (via Argofox: )
Diagram icons designed by OpenMoji ( ) CC BY-SA 4.0