Just thinking out loud here....
Is it possible to leverage filebeat to ingest installed rpms on any given hosts and use elastic as a means to see what vulnerabilities we have in our environment? I'm just about positive that I can but trying to think of how to piece it all together. Something like a poor mans Nessus report, if you will.
Our local host can have a daily cron write to a file that filebeat picks up and reads. I could put that into a new index and format that data into kv pairs for searching but I'm slowing down on exactly how best to achieve this.
Has anyone attempted to do something like this?