You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: reference/fleet/migrate-auditbeat-to-agent.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -34,7 +34,7 @@ The following table describes the integrations you can use instead of {{auditbea
34
34
| {{fleet}} [system](integration-docs://reference/system/index.md) integration | Collect login events for Windows through the [Security event log](integration-docs://reference/system/index.md#security). |
35
35
|[System.package](beats://reference/auditbeat/auditbeat-dataset-system-package.md) dataset |[System Audit](integration-docs://reference/system_audit/index.md) integration | This integration is a direct replacement of the System Package dataset. Starting in {{stack}} 8.7, you can port rules and configuration settings to this integration. This integration currently schedules collection of information such as:<br><br>*[rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)<br>*[deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)<br>*[homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)<br> |
36
36
|[Osquery](integration-docs://reference/osquery/index.md) or [Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Schedule collection of information like:<br><br>*[rpm_packages](https://www.osquery.io/schema/5.1.0/#rpm_packages)<br>*[deb_packages](https://www.osquery.io/schema/5.1.0/#deb_packages)<br>*[homebrew_packages](https://www.osquery.io/schema/5.1.0/#homebrew_packages)<br>*[apps](https://www.osquery.io/schema/5.1.0/#apps) (MacOS)<br>*[programs](https://www.osquery.io/schema/5.1.0/#programs) (Windows)<br>*[npm_packages](https://www.osquery.io/schema/5.1.0/#npm_packages)<br>*[atom_packages](https://www.osquery.io/schema/5.1.0/#atom_packages)<br>*[chocolatey_packages](https://www.osquery.io/schema/5.1.0/#chocolatey_packages)<br>*[portage_packages](https://www.osquery.io/schema/5.1.0/#portage_packages)<br>*[python_packages](https://www.osquery.io/schema/5.1.0/#python_packages)<br> |
37
-
|[System.process](beats://reference/auditbeat/auditbeat-dataset-system-process.md) dataset |[Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md)| Best replacement because out of the box it reports events forevery process in [ECS](integration-docs://reference/index.md) format and has excellent integration in {{kib}}. |
37
+
|[System.process](beats://reference/auditbeat/auditbeat-dataset-system-process.md) dataset |[Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md)| Best replacement because out of the box it reports events forevery process in [ECS](integration-docs://reference/index.md) format and has excellentintegration in [Kibana](/get-started/the-stack.md). |
38
38
|[Custom Windows event log](integration-docs://reference/winlog/index.md) and [Sysmon](integration-docs://reference/sysmon_linux/index.md) integrations | Provide process data. |
39
39
|[Osquery](integration-docs://reference/osquery/index.md) or[Osquery Manager](integration-docs://reference/osquery_manager/index.md) integration | Collect data from the [process](https://www.osquery.io/schema/5.1.0/#process) table on some OSeswithout polling. |
40
40
|[System.socket](beats://reference/auditbeat/auditbeat-dataset-system-socket.md) dataset |[Endpoint](/solutions/security/configure-elastic-defend/install-elastic-defend.md)| Best replacement because it supports monitoring network connections on Linux,Windows, and MacOS. Includes process and user metadata. Currently does notdo flow accounting (byte and packet counts) or domain name enrichment (but doescollect DNS queries separately). |
0 commit comments