Okay, these are audit events generated by other processes (pam, sudo, etc.), and they show up even if Auditbeat itself installs no rules for them.
To filter them out, the suggestion is to install a drop processor. Have a look at this answer:
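
A drop processor for the events described above, as an added example that is not part of the original post or the answer it links to. It assumes the events carry `event.module: auditd` and a lowercase record type in `auditd.message_type`; the listed types are the userspace records typically emitted by PAM and sudo, so check them against your own events before deploying.

```yaml
# auditbeat.yml (added example; field values are assumptions to verify
# against the events actually arriving in your index)
processors:
  - drop_event:
      when:
        and:
          # Only touch events from the auditd module, not file_integrity or system.
          - equals:
              event.module: auditd
          # Userspace records written by PAM / sudo rather than by kernel rules.
          - or:
              - equals:
                  auditd.message_type: user_auth    # PAM authentication
              - equals:
                  auditd.message_type: user_acct    # PAM account check
              - equals:
                  auditd.message_type: cred_acq     # credential acquired
              - equals:
                  auditd.message_type: cred_disp    # credential disposed
              - equals:
                  auditd.message_type: cred_refr    # credential refreshed
              - equals:
                  auditd.message_type: user_start   # session opened
              - equals:
                  auditd.message_type: user_end     # session closed
              - equals:
                  auditd.message_type: user_cmd     # sudo command record
```

These records are the host's authentication and sudo trail, so drop only the types that are already collected elsewhere (for example from the auth log) and keep the rest.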