Data collection and labeling with some of the Beats

Hello everyone,
I am currently engaged in an exploration of Elastic Stack's Beats products, specifically Packetbeat, Filebeat, Winlogbeat, and Metricbeat, across Linux and Windows platforms. My end goal is to leverage these tools for data collection in a lab environment, simulate attacks on these systems, and subsequently classify the logs into two categories: 'Benign' and 'Malign,' based on whether they correlate to malicious or normal activity.
Context:
While I've made some progress in learning the data collection capabilities of these Beats, I believe I'm not fully utilizing the extensive configuration options available. I find some concepts in the official documentation to be challenging.
Questions:
Feasibility: Is it practically achievable to set up the Beats for the specific purpose of collecting and labeling data as 'Benign' or 'Malign'? Are there existing configuration options that can facilitate this?
Additional Resources: Aside from the official documentation, could you recommend any alternative sources of information, such as videos or blogs, that delve into advanced data collection and processing techniques with the Beats?
I appreciate your insights and apologize if my initial question lacked clarity. Also, given that I don't know which is the correct channel or room for this question, I will post it in some rooms. I hope you kindly understand. Thank you.

Hello @Oscar_Llerena, welcome to the Elastic community. I am not sure what kind of data collection you are looking for. But if we take the example of reading logs, you can go with Filebeat, as you've already explored, and you can label it according to your requirement.

This is a generic way, but please give more details about your requirement in case it is very custom.
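One way to do the 'Benign'/'Malign' labeling asked about above, as an added example that is not part of the original posts or of Elastic's own tooling: label collected events after the fact by matching each event's `@timestamp` and `host.name` against a log of when each simulated attack ran. It assumes the Beats events were exported as one JSON object per line; the attack-window list, the sample events and the `label` field name are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample: events shaped like Beats output, one JSON object per line.
SAMPLE_EVENTS = """\
{"@timestamp": "2024-01-10T09:59:30.000Z", "host": {"name": "lab-linux-01"}, "message": "session opened for user alice"}
{"@timestamp": "2024-01-10T10:02:11.000Z", "host": {"name": "lab-linux-01"}, "message": "Failed password for root"}
{"@timestamp": "2024-01-10T10:02:15.000Z", "host": {"name": "lab-win-01"}, "message": "service started"}
"""

# Assumed run log kept by the lab operator: (host, start, end) per simulated attack.
ATTACK_WINDOWS = [
    ("lab-linux-01", "2024-01-10T10:00:00.000Z", "2024-01-10T10:05:00.000Z"),
]

def parse_ts(value):
    # Timestamps here are UTC with a trailing "Z"; make the offset explicit.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def label_event(event, windows):
    """Return 'Malign' if the event falls inside an attack window on the same host."""
    ts = parse_ts(event["@timestamp"])
    host = event.get("host", {}).get("name")
    for w_host, start, end in windows:
        if host == w_host and parse_ts(start) <= ts <= parse_ts(end):
            return "Malign"
    return "Benign"

def label_stream(ndjson_text, windows=ATTACK_WINDOWS):
    """Parse NDJSON text and return the events with a 'label' field added."""
    labeled = []
    for line in ndjson_text.splitlines():
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            event["label"] = label_event(event, windows)
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed lines or events without a usable timestamp/host
        labeled.append(event)
    return labeled

if __name__ == "__main__":
    for ev in label_stream(SAMPLE_EVENTS):
        print(ev["label"], ev["host"]["name"], ev["message"])
```

Window-based labeling marks every event on the attacked host during the window as 'Malign', including ordinary background activity, so keep windows tight and keep host clocks synchronized.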
