This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Windows & Linux Server Audit logs native Integration

Posted on 02-09-2024 01:31 AM
Rajat_Kulkarni
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Chronicle recently included the Native (One-click) integration for Windows and Linux Audit logging, I did try this with installing OPs agent on the VM but no success.

Has anyone tried this? do we need to enable anything else apart from OPs agent?

Below are the export filters included for this integrations.

  •  WINEVTLOG:
    • log_id("winevt.raw")
    • log_id("windows_event_log")
  • NIX_SYSTEM:
    • log_id("syslog")
    • log_id("authlog")
    • log_id("securelog")
  • LINUX_SYSMON:
    • log_id("sysmon.raw")
  • AUDITD:
    • log_id("audit_log")

Thank you for the replies.

2 0 278
Topic Labels
0 REPLIES 0
Top Solution Authors
View all