
Cherry-pick #18775 to 7.x: Winlogbeat Security new dashboards - Older dashboards improvements #22598

Merged
merged 1 commit into from
Nov 30, 2020

Commits on Nov 16, 2020

  1. Winlogbeat Security new dashboards - Older dashboards improvements (elastic#18775)
    
    This PR adds two new dashboards related to events added in PRs (elastic#12906, elastic#14299, elastic#15217, elastic#17517) and implements some improvements to the existing winlogbeat security module's dashboards.
    
    New Dashboards
    
        User Logon Dashboard shows all the logon information. It allows us to keep track of logon and admin logon events between RDP connections and disconnections.
        Failed and Blocked Accounts allows us to keep track of failed logons and locked-out accounts.
    
    Existing Dashboards
    
        Added Distribution groups Events (elastic#15217).
        Found that Event 4625 can be generated by two different providers: Microsoft-Windows-Security-Auditing and Microsoft-Windows-EventSystem. Filters to use only the event.code=4625 from Microsoft-Windows-Security-Auditing were added.
    
    All Dashboards
    
        Markdown with links to all the winlogbeat security dashboards was added (following the idea of the Filebeat and Auditbeat dashboards).
    
        Visualizations that use many events (like group management related visualizations)
        were modified in order to use a saved search with the relevant events for that visualization as a source (instead of using individual filters for each visualization).
    
        Removed the margin between panels to look the same way as other Beats dashboards.
    
        TSVB metrics were modified to use the Entire Time Range and to use eye-friendlier colors.
    
    Co-authored-by: Andrew Kroh <andrew.kroh@elastic.co>
    (cherry picked from commit 7b9c535)
    janniten authored and andrewkroh committed Nov 16, 2020
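The provider filter the commit message describes, shown as an added example that is not part of the elastic/beats PR: it applies the saved-search condition (event.code plus winlog.provider_name, both standard Winlogbeat/ECS fields) over constructed sample documents and summarizes failed logons and lockouts per user as the "Failed and Blocked Accounts" dashboard would. The lockout code 4740 and the sample documents are assumptions, not taken from the PR.

```python
from collections import Counter

SECURITY_PROVIDER = "Microsoft-Windows-Security-Auditing"
FAILED_LOGON = "4625"
# Assumption: 4740 (account locked out) is the Security-Auditing event the
# dashboard's "locked out" panel would be built on; the PR does not list it.
ACCOUNT_LOCKED_OUT = "4740"

# Constructed sample documents using Winlogbeat/ECS field names.
SAMPLE_EVENTS = [
    {"event.code": "4625", "winlog.provider_name": SECURITY_PROVIDER, "user.name": "alice"},
    {"event.code": "4625", "winlog.provider_name": SECURITY_PROVIDER, "user.name": "alice"},
    # Same event code from a different provider: the PR's filter must exclude it.
    {"event.code": "4625", "winlog.provider_name": "Microsoft-Windows-EventSystem", "user.name": ""},
    {"event.code": "4740", "winlog.provider_name": SECURITY_PROVIDER, "user.name": "bob"},
    {"event.code": "4624", "winlog.provider_name": SECURITY_PROVIDER, "user.name": "carol"},
]


def matches_security_event(doc, code):
    """The saved-search condition: event.code AND the Security-Auditing provider."""
    return (doc.get("event.code") == code
            and doc.get("winlog.provider_name") == SECURITY_PROVIDER)


def count_failed_logons(docs, provider_filter=True):
    """Count 4625 events with or without the provider filter, to show the difference."""
    if provider_filter:
        return sum(1 for d in docs if matches_security_event(d, FAILED_LOGON))
    return sum(1 for d in docs if d.get("event.code") == FAILED_LOGON)


def summarize_failed_and_locked(docs):
    """Per-user counts for failed logons and lockouts, using the provider-aware filter."""
    failed = Counter(d["user.name"] for d in docs if matches_security_event(d, FAILED_LOGON))
    locked = Counter(d["user.name"] for d in docs if matches_security_event(d, ACCOUNT_LOCKED_OUT))
    return {"failed_logons": dict(failed), "locked_out": dict(locked)}


if __name__ == "__main__":
    print("4625 without provider filter:", count_failed_logons(SAMPLE_EVENTS, provider_filter=False))
    print("4625 with provider filter:   ", count_failed_logons(SAMPLE_EVENTS))
    print(summarize_failed_and_locked(SAMPLE_EVENTS))
```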