Windows Event Logs Filtering


Gopans

Jan 16, 2022, 9:10:48 AM
to ossec-list
Dear All,
We are newbies to configuring Wazuh for monitoring logs from Active Directory. We need to capture logs of Domain Controllers, and we need to filter the logs according to one particular OU or IP range. Logs are getting captured and are showing in the Wazuh Dashboard, and we enabled JSON logs in the config. But we are facing difficulty in filtering the logs, and we need to send the filtered logs to a secondary SIEM server, which is possible (syslog output and server). But we could not figure out how to filter the logs according to OU or IP address range.
Kindly help, as we need the same urgently.
Thanks & Regards
Gopakumar
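As an added illustration of the filtering the question asks about (this is not code from the thread or from Wazuh itself), the script below selects Windows events from Wazuh-style JSON alert lines by client IP range (CIDR) or by OU component of an object DN, the two criteria named above. The alert lines are constructed, and the data.win.eventdata.ipAddress / data.win.eventdata.objectDN field paths are assumptions modelled on Wazuh's nested JSON layout; forwarding the matches to a second SIEM is left to Wazuh's own output configuration.

```python
import ipaddress
import json

# Constructed sample alerts.json lines in the nested JSON shape Wazuh uses for
# Windows eventchannel events. The data.win.* field paths are assumptions for
# illustration, not taken from the thread.
SAMPLE_ALERTS = "\n".join(json.dumps(a) for a in [
    {"agent": {"name": "DC01"}, "data": {"win": {"system": {"eventID": "4624"},
        "eventdata": {"ipAddress": "10.20.5.17", "targetUserName": "jdoe"}}}},
    {"agent": {"name": "DC01"}, "data": {"win": {"system": {"eventID": "4624"},
        "eventdata": {"ipAddress": "-", "targetUserName": "SYSTEM"}}}},
    {"agent": {"name": "DC02"}, "data": {"win": {"system": {"eventID": "5136"},
        "eventdata": {"objectDN": "CN=jdoe,OU=Staff,OU=Finance,DC=corp,DC=example"}}}},
    {"agent": {"name": "DC02"}, "data": {"win": {"system": {"eventID": "5136"},
        "eventdata": {"objectDN": "CN=srv01,OU=Servers,DC=corp,DC=example"}}}},
])

def get_path(event, path):
    """Walk a dotted path through nested dicts; None if any key is missing."""
    for key in path.split("."):
        if not isinstance(event, dict) or key not in event:
            return None
        event = event[key]
    return event

def dn_in_ou(dn, ou):
    """True if the DN has an OU=<ou> component at any depth (case-insensitive)."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return f"ou={ou.strip().lower()}" in parts

def ip_in_range(value, net):
    """True if value parses as an IP inside net; '-' and other placeholders are skipped."""
    try:
        return ipaddress.ip_address(value) in net
    except ValueError:
        return False

def filter_alerts(lines, cidr, ou):
    """Return alerts whose client IP is in cidr or whose object DN lies under ou."""
    net = ipaddress.ip_network(cidr, strict=False)
    matched = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        ip = get_path(event, "data.win.eventdata.ipAddress")
        dn = get_path(event, "data.win.eventdata.objectDN")
        if (ip and ip_in_range(ip, net)) or (dn and dn_in_ou(dn, ou)):
            matched.append(event)
    return matched
```

Windows writes "-" in ipAddress for local logons, and a mixed IPv4/IPv6 comparison is simply False, so neither case raises; the same per-field matching can be expressed as a Wazuh custom rule once the real field names in your events are known.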

Alejandro Ruiz Gonzalez

Feb 3, 2022, 7:30:57 AM
to ossec-list
Hello Gopans,

Thanks for using Wazuh!

To help you in this case, the best way will be that you post here a few examples of the events you are trying to filter. This way, I can analyze the fields that come inside those logs.

I would like you to share with me the details about some questions.
How do you want to send the logs from the primary to the secondary server?
Where do you want to filter those logs, inside dashboards or directly at the alerts/archives files?

I will be waiting for your answer.