Links & Downloads for the “Sending Windows Event Logs to Graylog” video.
Download Sysmon from here: Sysmon - Sysinternals | Microsoft Learn
Download NXLog Community edition from here Download - Nxlog Community Edition
For the video tutorial I used the Sysmon Modular default+ version.
A popular alternative is from Swift On Security
To install Sysmon with the default+ version open up and elevated command prompt and run
sysmon.exe -accepteula -i sysmonconfig-with-filedelete.xml
The install NXLog using the default options. The replace C:\Program Files\nxlog\conf\nxlog.conf
with the one from my GitHub and update the IP address (and port if you changed defaults) to in that config to point at your Graylog instance.
Then restart the NXLog service.
The MITRE ATT&CK Log Data Demo referenced in the video
https://attack.mitre.org/techniques/T1033/