I was watching a webinar of SIEM with version 7.2 of elastic, and the speaker use multiples agents (Auditbeat, packetbeat, and filebeat agents) to feed SIEM, and now with elastic 7.11 there is a new agent, Endpoint, I was wondering if this agent replace the use of the other agents.
Currently, from Beats and Elastic Agent capabilities | Fleet and Elastic Agent Guide [8.11] | Elastic;
- Support for only Filebeat, Metricbeat, and Endpoint Security
My understanding is that we are working on rolling the other beats into the agent.
Hello. There seems to be some terminology confusion, so I capitalized proper nouns below.
At this time, the Endpoint Security integration, which includes the Elastic Endpoint, is not intended to replace the System integration, which includes various Beats. All of these integrations are orchestrated by Fleet / Elastic Agent. If you deploy an Elastic Agent with either of the aforementioned integrations enabled, Agent will deploy and manage the corresponding Endpoint/Beat.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.