Windows Event Collector (https://ela.st/tj-qsg-wec)
Introduction
WEC Forward log file
WEF via HTTPS (instead of HTTP)
Disclaimer
WEC Server setup
Preparation & Configuration
Creating additional forward log files
Set up the WEC subscriptions
Active Directory configuration (GPO, OUs, and Groups)
Set up Winlogbeat
Appendix
Troubleshooting
References & further reading
Author
Multi-factor Authentication & SAML SSO (https://ela.st/tj-qsg-sso-mfa)
Starting with Okta
Open an Okta developer account
Enable MFA in Okta
Enable Kibana/ES to use SSO (on Elastic Cloud)
Prepare Kibana/ES
Create Okta application for Kibana/ES
Configure Elasticsearch and Kibana (in EC)
Enable the SMP to use SSO
Create Okta application for the SMP
Configure the SMP for SSO
Refining Security Roles (https://ela.st/tj-qsg-sec-roles)
Preamble
Icons
Role Catalogue
Built-in / Pre-defined roles for users
Machine Role templates
User Role templates
Role-Mapping Catalogue
Role-Mapping Templates
Machine user Catalogue
Machine user templates