Hi There,
Is it possible use auditbeat to monitor ( FIM ) for windows for network file shares or windows file shares for GDPR , if we have some confidential data, is it possible to mention the path of the shared folders of network file shares or windows file shares in auditbeat.yml rather than using winlogbeat security logs (where it works with combination of two or more windows events )
Thanks,
Raj
What is FIM?
Sorry for misunderstanding https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-file_integrity.html
File integrity module 
Winlogbeat uses ReadDirectoryChangesW to monitor for changes. So it depends as you'll see if you take a look at Microsoft documentation for that function. It looks some filesystem types might work. Give it a try.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.