Auditbeat: Combining data from both (system & file_integrity) modules

Stud21 · August 3, 2021, 7:24am

I am trying to list events from Auditbeat as below:
In Kibana discovery, select Auditbeat index pattern
Search for a file say, /etc/auditbeat/auditbeat.yml

It lists records that do not show the username for changes/creation/deletion made to the file.

How do I find file changes/creation/deletion done by he user in a single go?

system · August 31, 2021, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Username in auditbeat file_integrity module Beats auditbeat	1	334	March 29, 2022
Auditbeat - User Attribution Beats auditbeat	1	337	June 14, 2023
Auditbeat File arrival monitoring Beats auditbeat	4	640	November 21, 2018
Monitoring new users on Linux with Auditbeat Beats auditbeat	2	258	January 16, 2024
Auditbeat - map changes to users Beats auditbeat	4	772	November 4, 2022

Auditbeat: Combining data from both (system & file_integrity) modules

Related topics