Elastic Agent and/or Filebeat

Hi all. I have followed this guide: ELK-SIEM/Deployment-Guide at main · watsoninfosec/ELK-SIEM · GitHub. This installs Elasticsearch, Kibana, Logstash and Filebeat on Ubuntu. I have 3 Windows Servers showing as healthy. ELK version is 7.12.

To enroll my Windows servers, I click on Fleet/Add Agent/Enroll in Fleet. I then download the Elastic Agent to the Windows Server and copy the syntax into PowerShell on the Windows server. This installs the Elastic Agent.

If my policy includes the IIS integration, do I still need to unzip Filebeat and configure the filebeat.yml?

So far, I can get my agents showing as healthy, etc., but if I want IIS stats, do I need to manually install/configure Filebeat too?

Elastic Agent is there to do all the configurations and such for you :)

That means that now and in the future, you only need to install Elastic Agent, configure the policies and the rest is taken care of.

Elastic Agent is currently in Beta though, so some Filebeat functionality or modules might not be available yet. If you can see them in the integrations list when you create/modify a policy, then they are available to be used with Agent.

The free Elastic Endpoint for example also uses Elastic Agent, so the setup is quite similar: Configure and install Elastic Endpoint integration | Elastic Security Solution [7.12] | Elastic
