sysmon | Graphical system monitor for linux , including information | Monitoring library

-in and -contains are operators for checking if a value exists in a collection, in this case, you're comparing an object[] with a value.

You can either do this:

So it took me some time, but I've figured out what was the problem with my certificate. I didn't add it to the trusted root store on my windows machine.

In the end I've created a Winlogbeat crt and key using the elasticsearch-certutil tool by adding a Winlogbeat instance to the instances.yml file and copied the winlogbeat.crt, winlogbeat.key and ca.crt to my windows machine.

Note - You can find all of them under /var/lib/docker/volumes/es_certs/_data/

On the windows machine I configured the Winlogbeat the normal way and in the end I've added the ca.crt to the trusted root store using this tutorial.

I am not sure why you think it takes so much time to calculate the index size, you can simply use the _cat/indecs?v API and even can filter by your index prefix like if you want to know all the indices and size of indices starting with log-wlb-application , you can use the _cat/indices/log-wlb-application*?v which will print you all the indices starting with log-wlb-application and their size as explained in my previous answer to your this SO question.

Above _cat/indices API is super fast and you can call it programatically and automate the calculating the size of all your indices on a daily basis.

I don't have sysmon installed, but I'm assuming those fields are in the xml eventdata:

You may use this script:

Don't store data in 32 different variables. Use lapply and store data in a list :

I think you just need replace

Get clarity about the data type of each function. A view function returns data of type HttpResponse. You should change your data functions so that each returns data of the required type, not return a HttpResponse. For example the mm function should return memory data, which in your Model is a CharField (it is text with a limit of 200 chars). Make sure it returns text and not a Python list, not json, and not a HttpResponse.

Then call one view function, which will collect (from all the data functions) and save it before returning its HttpResponse. For example:

The cause of this is missing permission on the target process. For testing the required permission can be viewed with Process Explorer and right clicking target process and selecting Properties then Security tab and selecting Permissions button, you can add the required permission Process Query Information Allow for the user account the process calling OpenProcess is running as. Permission can also be denied due to process mandatory integrity control i.e. Medium level integrity process cannot access High integrity process. Even if the user account is added the correct permission but you do not have access due to mandatory integrity control you will get access denied.

In code this can be achieved by modifying the ACLs of the object as documented here

Here is a PowerShell script I wrote for testing different scenarios, such as adding the permission required.