- Have to add, now that I've been playing with Auditbeat for a couple weeks, if you are a Linux-focused org, primarily in cloud, you need this data. Trying to use ausearch from the CLI is obsolete and will not give you correlation between hosts. Auditbeat also uses modules to pare down the number of events and enriches data in ways that are super helpful. A simple example is in auditbeat.yml: resolve_ids: true. This will resolve your uids and gids to user names/groups, which is something you can't really do anywhere other than at the client level. I appreciate everything you all have done, it's given me the scaffolding to do this, but man this would be great to have supported out of the box in a future release.
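An auditbeat.yml fragment along the lines the comment above describes, added here as an illustration rather than configuration posted in the thread or shipped by the project. The module option names are Auditbeat's documented ones; the specific audit rules, watched paths and the dropped syscall are assumptions for a sample baseline.

```yaml
# Added example auditbeat.yml fragment (not from the thread). The module
# options are Auditbeat's; the rules, paths and drop filter are illustrative
# assumptions to be adjusted to your own baseline.
auditbeat.modules:
- module: auditd
  # Resolve numeric uid/gid fields to user and group names on the host,
  # where the passwd/group databases actually live.
  resolve_ids: true
  # Keep shipping even if one rule fails to load on an older kernel.
  failure_mode: silent
  # Parsed fields are enough for central correlation; omit raw text and
  # warnings to keep per-event size down.
  include_raw_message: false
  include_warnings: false
  # A deliberately small rule set keeps the event volume manageable.
  audit_rules: |
    ## Identity files: who changed users, groups and sudo policy
    -w /etc/passwd -p wa -k identity
    -w /etc/group -p wa -k identity
    -w /etc/sudoers -p wa -k identity
    ## Process execution by interactive (logged-in) users only
    -a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=unset -k exec

# Kernel-notified file integrity on a few directories (no polling).
- module: file_integrity
  paths:
    - /bin
    - /usr/bin
    - /etc
  recursive: true

# Filter noisy events on the client instead of at the collector.
processors:
- drop_event:
    when:
      equals:
        auditd.data.syscall: "connect"
```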
- Auditbeat is incredibly useful for inspecting Linux syscalls and doing incident response. I would love to see support out of the box as it currently works with Winlogbeat.