Elastic has introduced a new capability that simplifies collecting and analyzing Windows telemetry by integrating Event Tracing for Windows (ETW) into its platform. ETW is a high-performance logging mechanism for Windows that captures detailed event data about system performance and activity. This data is now accessible through the ETW input for Filebeat, which subscribes to ETW providers, gathers their telemetry, and transmits it to Elasticsearch for analysis.

The input offers three modes of operation: creating a new ETW session, attaching to an existing one, and reading from prerecorded .etl files. Together these cover data collection scenarios for real-time monitoring, forensic analysis, and troubleshooting.

The update also includes specialized integrations, such as one for the Microsoft DNS Server that gathers DNS server audit and analytical logs and offers prebuilt dashboards for immediate insights into DNS activity. Users can also configure custom ETW integrations to ingest data from specific providers, which lets them monitor application logs, system performance metrics, and historical event data, and gives real-time insights into system performance, application behavior, and potential security risks.
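The three modes of operation described above, sketched as a `filebeat.yml` fragment. This is an added example, not configuration taken from Elastic's announcement; the input `id` values, session names, the `.etl` path and the Elasticsearch host are constructed placeholders, and `Microsoft-Windows-DNSServer` is used as the provider because the text mentions the DNS Server integration.

```yaml
filebeat.inputs:
  # Mode 1: create a new ETW session and subscribe it to a provider.
  # Filebeat owns the session, so it needs rights to start trace sessions.
  - type: etw
    id: etw-dns-new-session            # placeholder id, must be unique per input
    enabled: true
    provider.name: Microsoft-Windows-DNSServer
    session_name: Filebeat-DNSServer   # placeholder session name
    trace_level: verbose               # collect every level the provider emits

  # Mode 2: attach to a session that something else already started
  # (for example one created with logman). Filebeat only consumes events.
  - type: etw
    id: etw-dns-existing-session       # placeholder id
    enabled: true
    session: Existing-DNS-Trace        # placeholder: name of the running session

  # Mode 3: read a prerecorded trace file, e.g. one collected during an
  # incident and handed over for forensic analysis.
  - type: etw
    id: etw-dns-etl-file               # placeholder id
    enabled: true
    file: 'C:\Evidence\dns-trace.etl'  # placeholder path

# Events from all three inputs are shipped to Elasticsearch for analysis.
output.elasticsearch:
  hosts: ["https://localhost:9200"]    # placeholder host
```

Each input uses exactly one source (a provider, an existing session, or a file), so the mode is chosen by which of those settings is present.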