On Windows Auditbeat the system module exposes the host and processes datasets. In this setup the file integrity module is not used. On the same MS servers Winlogbeat with the security module as well as Metricbeat and Packetbeat are deployed. The SIEM app is important to the business in this setup.
My question is: do I miss any important events, especially in the SIEM app, by excluding the Auditbeat from the deployment on Windows. I have performed some tests, which indicate the Winlogbeat security module feeds the required data to SIEM.
How about the upcoming version 8.0 of Auditbeat - will it add more functionality on Windows compared to the current version?