Add KAPE-parsed Eventlog records to the Eventlog Dashboard #338
Assignees
Labels
Comments
MTekinAU
changed the title
|
ah good observation. The Eventlog Dashboard does not currently pull data from the |
philhagen
changed the title
|
also adding a note that we now have Eventlog data from Plaso as well, so we'll need to incorporate those too. |
|
Hi there, just to add on to this, previously, before a kape-* data view was added, kape-parsed logs would distribute between all relevant dashboards i.e EventLog, LNK and NTFS Dashboards. Now with the introduction of the new data view they all populate only the kape-* data view meaning the dashboards receive no data. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, I can see the kape logs when I select kape-* from data views dropdown under Discover section, but I cannot see anything under Eventlog Dashboard.
The text was updated successfully, but these errors were encountered: