Microsoft DHCP Logs Shipped to ELK, (Fri, Mar 12th)

This parser takes the audit logs from a Windows Server 2012 R2 DHCP server (C:\Windows\System32\dhcp) and parses them into usable metadata that can be monitored via a dashboard. The logs have been mapped using ECS in the same format as the packetbeat metadata here [1].
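As an added illustration of what such a parser has to do (this is example code written for this page, not the diary's parser or any Elastic/Logstash configuration), the block below reads the comma-separated DhcpSrvLog format written under C:\Windows\System32\dhcp, skips the banner and header lines, and emits one ECS-style document per event. The sample log lines are constructed, the event-ID to `event.action` names are our own choice, the log's local timestamps are assumed to be UTC, and `conflicting_ips` is a hypothetical helper showing the kind of check a dashboard would surface (event ID 13, address conflict).

```python
"""Parse Windows DHCP server audit log lines into ECS-style documents (example code)."""
import csv
from datetime import datetime, timezone
from typing import List, Optional

# Column names as written in the header line of a DhcpSrvLog-*.log file.
DHCP_COLUMNS = [
    "ID", "Date", "Time", "Description", "IP Address", "Host Name", "MAC Address",
    "User Name", "TransactionID", "QResult", "Probationtime", "CorrelationID", "Dhcid",
    "VendorClass(Hex)", "VendorClass(ASCII)", "UserClass(Hex)", "UserClass(ASCII)",
    "RelayAgentInformation", "DnsRegError",
]

# DHCP audit event IDs mapped to an ECS event.action value (the action names are ours).
EVENT_ACTIONS = {
    "00": "log-started", "01": "log-stopped", "10": "lease-assigned", "11": "lease-renewed",
    "12": "lease-released", "13": "ip-conflict-detected", "14": "scope-exhausted",
    "15": "lease-denied", "16": "lease-deleted", "17": "lease-expired",
}

# Constructed sample log (documentation addresses only); mirrors the real file layout.
SAMPLE_LOG = """\
\t\tMicrosoft DHCP Service Activity Log

ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name,TransactionID,QResult,Probationtime,CorrelationID,Dhcid,VendorClass(Hex),VendorClass(ASCII),UserClass(Hex),UserClass(ASCII),RelayAgentInformation,DnsRegError
00,03/12/21,00:00:01,Started,,,,,0,6,,,,,,,,,0
10,03/12/21,08:15:22,Assign,192.0.2.13,ws01.example.test,0050569A1B2C,,3735928559,0,,,,,,,,,0
11,03/12/21,08:30:05,Renew,192.0.2.13,ws01.example.test,0050569A1B2C,,3735928560,0,,,,,,,,,0
13,03/12/21,09:02:41,Conflict,192.0.2.77,,,,0,6,,,,,,,,,0
"""


def _ecs_mac(raw: str) -> Optional[str]:
    """Turn the log's bare 12-hex-digit MAC into the hyphenated upper-case form ECS uses."""
    raw = raw.strip().upper()
    if len(raw) != 12 or any(c not in "0123456789ABCDEF" for c in raw):
        return None
    return "-".join(raw[i:i + 2] for i in range(0, 12, 2))


def parse_line(line: str) -> Optional[dict]:
    """Parse one audit log line; return None for banner, header and blank lines."""
    fields = next(csv.reader([line.strip()]))
    if not fields or not fields[0].isdigit():
        return None
    # Pad or truncate so every column name has a value, even on short lines.
    fields = (fields + [""] * len(DHCP_COLUMNS))[:len(DHCP_COLUMNS)]
    rec = dict(zip(DHCP_COLUMNS, fields))
    # The log stores local time without a zone; UTC is assumed here.
    ts = datetime.strptime(f"{rec['Date']} {rec['Time']}", "%m/%d/%y %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    doc = {
        "@timestamp": ts.isoformat(),
        "event": {
            "code": rec["ID"],
            "action": EVENT_ACTIONS.get(rec["ID"], "unknown"),
            "category": ["network"],
            "dataset": "windows.dhcp",  # dataset name is our own label
        },
        "message": rec["Description"],
    }
    if rec["IP Address"]:
        doc["client"] = {"ip": rec["IP Address"]}
    mac = _ecs_mac(rec["MAC Address"])
    if mac:
        doc.setdefault("client", {})["mac"] = mac
    if rec["Host Name"]:
        doc["host"] = {"hostname": rec["Host Name"]}
    if rec["User Name"]:
        doc["user"] = {"name": rec["User Name"]}
    return doc


def parse_log(text: str) -> List[dict]:
    """Parse a whole log file's text into a list of ECS-style documents."""
    return [d for d in (parse_line(l) for l in text.splitlines()) if d]


def conflicting_ips(docs: List[dict]) -> List[str]:
    """Addresses the server reported as already in use (event ID 13); worth a dashboard alert."""
    return [d["client"]["ip"] for d in docs if d["event"]["code"] == "13" and "client" in d]


if __name__ == "__main__":
    for doc in parse_log(SAMPLE_LOG):
        print(doc)
    print("conflicts:", conflicting_ips(parse_log(SAMPLE_LOG)))
```

Each document carries `event.code`, `client.ip`, `client.mac` and `host.hostname`, which is enough to build the same lease-activity views a packetbeat DHCP dashboard offers; a real shipper would read the file incrementally rather than from a string.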

Article Link: https://isc.sans.edu/diary/rss/27198