File Integrity Monitoring with Elasticsearch


(Krunal Kalaria) #1

Hello Folks,

I want to know if there is any file integrity monitoring solution integration with the Elastic Stack.

I am using OSSEC Wazuh for FIM, but I want another open source or any FIM solution that we can integrate with the Elastic Stack.

Kindly suggest if anyone knows or has an idea about this.

Thanks & Regards,
Krunal.


(Mark Walkom) #2

What sort of things do you want to do?
Auditbeat can watch files for changes, for example: https://www.elastic.co/guide/en/beats/auditbeat/current/auditbeat-module-file_integrity.html


(Krunal Kalaria) #3

Hey @warkolm,

Thanks for reaching out.

I want logs when someone creates a new file, or modifies or deletes a file, along with who the user is and the path on which the above action was performed.

I tried Auditbeat, but whenever I created a file in some specific path, then deleted and modified that file, I did not receive those logs. Why, I don't know.

And I tried with RPM, tar and yum install, but when I tried with RPM and yum install it gave me an error while trying to install the template manually: no auditbeat.yml and field.yml found, but they are actually there.

And when I tried using tar it worked fine, but the logs are not coming the way I want.

Kindly give me some guidelines and suggestions.

Thanks & Regards,
Krunal.


(Mark Walkom) #4

Perhaps you should start a new thread in the Auditbeat category with some more info and try to get those problems fixed?


(Krunal Kalaria) #5

OK, now I am using Auditbeat on a Windows machine and it is working fine for me. I will explore it later on the RHEL server. Thanks for your help. 🙂

