TJ's Elastic Cookbook Library

Windows Event Collector


WEC Forward log file 

WEF via HTTPS (instead of HTTP) 


WEC Server setup 

Preparation & Configuration 

Creating additional forward log files   

Set up the WEC subscriptions 

Active Directory configuration (GPO, OUs, and Groups) 

Set up Winlogbeat 



References & further reading 


Multi-factor Authentication & SAML SSO

Starting with Okta 

Open an Okta developer account 

Enable MFA in Okta 

Enable Kibana/ES to use SSO (on Elastic Cloud) 

Prepare Kibana/ES 

Create Okta application for Kibana/ES 

Configure Elasticsearch and Kibana (in EC) 

Enable the SMP to use SSO 

Create Okta application for the SMP 

Configure the SMP for SSO 

Refining Security Roles


Starting with Okta


Role Catalogue 

Built-in / Pre-defined roles for users

Machine Role templates

User Role templates

Role-Mapping Catalogue 

Role-Mapping Templates 

Machine user Catalogue

Machine user templates