Best Beats for Security Analytics and login checks


(VISHNU) #1

Hi,
I have the following platform:
OS - centos 7.4
ES - 6.2
Logstash - 6.2
Kibana - 6.2

Currently I am using Packetbeat, Filebeat and Metricbeat on my clients. May I know what's the best Beat that I can use in case I need to log the logins to my clients and the command execution logs?

Thanks in advance
Vishnu


(Noémi Ványi) #2

Auditbeat is a Beat intended for auditing actions and processes on your systems (as the name suggests). You can check it out here:

Also, enabling the system module of Filebeat collects the logs, including login events. See more here: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-system.html
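
A configuration sketch of the two suggestions above, added here as an example and not taken from the reply or from Elastic's own sample files. It assumes the `auth` fileset of the Filebeat system module and the `auditd` module of Auditbeat are available in the installed release; the rule keys (`exec`, `logins`) are constructed labels, and the existing output section of each file stays as it is.

```yaml
# ---- filebeat.yml (login events) ----
filebeat.modules:
- module: system
  syslog:
    enabled: true
  auth:
    # Authentication log; on CentOS this is /var/log/secure
    # (sshd, sudo, su, useradd/groupadd messages).
    enabled: true

---
# ---- auditbeat.yml (command execution) ----
auditbeat.modules:
- module: auditd
  audit_rules: |
    # Record every program execution, for 64-bit and 32-bit callers.
    # "exec" is a constructed key used to filter these events in Kibana.
    -a always,exit -F arch=b64 -S execve -k exec
    -a always,exit -F arch=b32 -S execve -k exec
    # Watch the login accounting files for writes and attribute changes.
    -w /var/log/wtmp -p wa -k logins
    -w /var/log/btmp -p wa -k logins
    -w /var/log/lastlog -p wa -k logins
```

Auditing every `execve` can produce a high event volume on busy hosts, so check index growth after enabling it.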

