Hey together,
I am quite new to Elastic/Filebeat.
For a couple of days we have had abusech.malware findings via LOGBEAT. I am quite wondering. I did not find ANY points of malware infection with an offline scanner or in the firewall that would relate to an infection.
Is there any possibility to get the file path of the hash values that were found? That way I could maybe check the files directly.
Additionally, the question: is Logbeat looking in files and databases as well? My wild guess is that LOGBEAT is finding the hash values in the Endpoint Protection files on the system.
Thanks for your help, guys.