blue-team-tools/tools/config/elk-windows.yml

logsources:
  windows:
    product: windows
    index: logstash-windows-*
  windows-application:
    product: windows
    service: application
    conditions:
      EventLog: Application
  windows-security:
    product: windows
    service: security
    conditions:
      EventLog: Security
  windows-sysmon:
    product: windows
    service: sysmon
    conditions:
      EventLog: Microsoft-Windows-Sysmon