Impelix IMPACT Integration
with Microsoft Windows Logs

The Impelix IMPACT platform ingests telemetry from all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.

We believe that the more data IMPACT ingests, the more context you will have about security incidents, which allows effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor product telemetry to the Impelix IMPACT platform.

Microsoft Windows Logs

Winlogbeat
  1. Download Winlogbeat (OSS Version) from
    https://www.elastic.co/downloads/beats/winlogbeat-oss
  2. Extract the file from step 1 onto the Windows machine that will be sending logs to IMPACT.
    1. The directory can be placed anywhere on the filesystem.
  3. Edit the winlogbeat.yml within the extracted folder, as follows:
    1. Remove all content in the current file
    2. Copy and paste the example shown below into the empty file
    3. Replace IMPACTIP with the IP address of the Impelix IMPACT server
    4. Save the file
  4. Execute the install-service-winlogbeat.ps1 file in the directory.
  5. Execute winlogbeat.exe in the file directory to start the service.
  6. Open the Services admin snap-in in Windows, enable the winlogbeat service, and set it to start on boot.

winlogbeat.yml content:

    winlogbeat.event_logs:
      - name: Application
        ignore_older: 72h
      - name: Security
      - name: System

    event_logs.batch_read_size: 10

    output.logstash:
      hosts: ["IMPACTIP:5044"]
      ssl.enabled: true
      # "none" performs no verification of the server's certificate
      ssl.verification_mode: none
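The configuration above sets ssl.verification_mode: none, so Winlogbeat encrypts the connection but does not check which server it is talking to. The output section below is an added example, not Impelix's published configuration: it assumes the IMPACT Logstash listener presents a certificate issued by a CA whose PEM file you have copied to the Windows host (the path shown is hypothetical) and that the certificate covers the address used in hosts.

```yaml
output.logstash:
  hosts: ["IMPACTIP:5044"]
  ssl.enabled: true

  # As published on this page: TLS without certificate verification.
  # ssl.verification_mode: none

  # Verified alternative: check the certificate chain and that the
  # certificate matches the host in "hosts" ("full" is the Beats default).
  ssl.verification_mode: full

  # Assumption: CA that issued the IMPACT listener's certificate.
  # Hypothetical path; single quotes keep the backslashes literal in YAML.
  ssl.certificate_authorities: ['C:\ProgramData\winlogbeat\impact-ca.pem']
```

After editing, running `.\winlogbeat.exe test config` and `.\winlogbeat.exe test output` from the extracted folder reports whether the file parses and whether the TLS handshake to the listener succeeds.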
