Hi all.
I'm trying to migrate from Auditbeat to Elastic Endpoint, and almost every module is OK except for the network one.
I notice that elastic-endpoint collects a lot less network traffic than Auditbeat.
After some investigation, it appears that elastic-endpoint does not log traffic from other servers that connect to the server via some process, while Auditbeat can do that.
Can someone explain to me how that works and how to enable Endpoint to collect the network traffic from other servers connecting to the endpoint as well?
Have you taken a look at the Elastic Agent Network integration? With this integration, it is possible to collect NetFlow and other network protocols for more detailed events.
After trying the Network integration,
I still feel that it is not like Auditbeat.
For example:
from one of the clients I used the telnet command to connect to the server on port 443.
With Auditbeat that traffic is logged successfully, but with both Endpoint and the Network integration that connection is not logged at all.
Is there a way to configure the Network integration to capture all traffic to the end server like Auditbeat does?
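One way to check that telnet test objectively is to query Elasticsearch for the connection and count how many matching events each data source produced. The script below is an added example written for this thread, not code from the original posts or from Elastic: it builds the query and tallies hits per `event.dataset`. It assumes the Auditbeat system/socket dataset lands in `auditbeat-*` with `event.dataset: socket` and Endpoint network events land in `logs-*` with `event.dataset: endpoint.events.network`; the source IP, the sample response and the index pattern are constructed for illustration.

```python
"""Compare which data source recorded a test connection (added example).

Assumptions (not from the thread): Auditbeat socket events carry
event.dataset "socket" in auditbeat-*, Elastic Endpoint network events
carry event.dataset "endpoint.events.network" in logs-*. Field names
follow ECS (destination.port, source.ip, @timestamp, event.dataset).
"""
import json
from typing import Any, Dict, List

# Assumed index pattern covering both Auditbeat and Elastic Agent/Endpoint data.
INDEX_PATTERN = "auditbeat-*,logs-*"

# Datasets we expect to see for an inbound connection that both agents observed.
EXPECTED_DATASETS = ("socket", "endpoint.events.network")


def build_connection_query(dest_port: int, source_ip: str, minutes: int = 15) -> Dict[str, Any]:
    """Return an _search body matching connections from source_ip to dest_port
    in the last `minutes`, aggregated by event.dataset (size 0: counts only)."""
    return {
        "size": 0,
        "query": {
            "bool": {
                "filter": [
                    {"term": {"destination.port": dest_port}},
                    {"term": {"source.ip": source_ip}},
                    {"range": {"@timestamp": {"gte": f"now-{minutes}m"}}},
                ]
            }
        },
        "aggs": {"by_dataset": {"terms": {"field": "event.dataset", "size": 20}}},
    }


def count_by_dataset(search_response: Dict[str, Any]) -> Dict[str, int]:
    """Turn the terms aggregation of an _search response into {dataset: count}."""
    buckets = (
        search_response.get("aggregations", {}).get("by_dataset", {}).get("buckets", [])
    )
    return {bucket["key"]: bucket["doc_count"] for bucket in buckets}


def missing_sources(counts: Dict[str, int], expected=EXPECTED_DATASETS) -> List[str]:
    """List the expected datasets that recorded nothing for the test connection."""
    return [dataset for dataset in expected if counts.get(dataset, 0) == 0]


# Constructed sample response: Auditbeat saw the flow three times, Endpoint not at all.
SAMPLE_RESPONSE = {
    "hits": {"total": {"value": 3, "relation": "eq"}, "hits": []},
    "aggregations": {
        "by_dataset": {
            "doc_count_error_upper_bound": 0,
            "sum_other_doc_count": 0,
            "buckets": [{"key": "socket", "doc_count": 3}],
        }
    },
}


if __name__ == "__main__":
    # Hypothetical client IP that ran "telnet <server> 443" as in the thread.
    query = build_connection_query(443, "10.0.0.5")
    print(json.dumps(query, indent=2))
    counts = count_by_dataset(SAMPLE_RESPONSE)
    print("events per dataset:", counts)
    print("datasets with no record of the connection:", missing_sources(counts))
```

To run it against a real cluster, POST the printed body to `https://<es-host>:9200/auditbeat-*,logs-*/_search` with `Content-Type: application/json` and your credentials, then feed the JSON reply to `count_by_dataset`. An empty `endpoint.events.network` bucket while `socket` has hits confirms the gap described above rather than relying on a visual comparison in Kibana.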
In the Network integration, did you enable the NetFlow function? In fact, for some auditing features, Auditbeat is still the most recommended. Did you also enable the FIM integration?
I have enabled the NetFlow function, but still no good.
What do you mean by this? I thought Endpoint was supposed to be better than Auditbeat. Can you specify which parts Auditbeat does better than the Elastic Agent integrations?