Auditbeat on windows for FIM


(Raj) #1

Hi There,

Is it possible use auditbeat to monitor ( FIM ) for windows for network file shares or windows file shares for GDPR , if we have some confidential data, is it possible to mention the path of the shared folders of network file shares or windows file shares in auditbeat.yml rather than using winlogbeat security logs (where it works with combination of two or more windows events )

Thanks,
Raj


(Mark Walkom) #2

What is FIM?


(Raj) #3

Sorry for misunderstanding https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-file_integrity.html

File integrity module :slight_smile:


(Andrew Kroh) #4

Winlogbeat uses ReadDirectoryChangesW to monitor for changes. So it depends as you'll see if you take a look at Microsoft documentation for that function. It looks some filesystem types might work. Give it a try.


(system) #5

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.