Add documentation for Winlogbeat modules #12361
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
andrewkroh
added
docs
review
Winlogbeat
needs_backport
|
Pinging @elastic/secops |
cwurm
approved these changes
Jun 3, 2019
winlogbeat/docs/modules.asciidoc
Outdated
| Winlogbeat before the events are delivered to the output. | ||
|
|
||
| The general goal of each module is to transform events by renaming fields to | ||
| comply with the Elastic Common Schema (ECS). The modules may also apply |
There was a problem hiding this comment.
Maybe link to ECS docs (if somebody doesn't know what it is)?
|
|
||
| The default configuration file includes configuration for Sysmon. If you do not | ||
| have Sysmon installed Winlogbeat will log a warning that you can ignore stating | ||
| that it could not read from the `Microsoft-Windows-Sysmon/Operational` channel. |
There was a problem hiding this comment.
I stumbled over this long sentence. Maybe split it / merge it with the next, e.g.: If you do not have Sysmon installed Winlogbeat will log a warning that it could not read from the Microsoft-Windows-Sysmon/Operational channel. You can ignore this, it will continue to read from the other configured channels.
There was a problem hiding this comment.
To simplify the long sentence I removed the comment about ignoring the warning. I think that's implicit.
Add documentation for the security and sysmon modules that explains what the modules accomplish and how to configure them. Relates elastic#11651
- Add ECS link - Simplify sentence in sysmon docs
andrewkroh
force-pushed
the
feature/wlb/module-docs
branch
from
83d391f to
986ccaa
Compare
houndci-bot
reviewed
Jun 3, 2019
andrewkroh
added a commit
to andrewkroh/beats
that referenced
this pull request
Jun 3, 2019
Add documentation for the security and sysmon modules that explains what the modules accomplish and how to configure them. Relates elastic#11651 (cherry picked from commit 0ff05eb)
andrewkroh
added
v7.2.0
and removed
needs_backport
andrewkroh
added a commit
that referenced
this pull request
Jun 4, 2019
andrewvc
pushed a commit
to andrewvc/beats
that referenced
this pull request
Jun 12, 2019
Add documentation for the security and sysmon modules that explains what the modules accomplish and how to configure them. Relates elastic#11651
leweafan
pushed a commit
to leweafan/beats
that referenced
this pull request
Apr 28, 2023
Add documentation for the security and sysmon modules that explains what the modules accomplish and how to configure them. Relates elastic#11651 (cherry picked from commit 3cf45cb)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add documentation for the security and sysmon modules that explains
what the modules accomplish and how to configure them.
Relates #11651