I would like to monitor files inside a directory for the file description like version, code signature, etc., without uploading the files to Elasticsearch. I found these File fields but am not sure how to add these fields in filebeat.yml. Any sample will be great.
Monitoring files can be done with Auditbeat: File Integrity Module | Auditbeat Reference [7.10] | Elastic
Thanks, I tried Auditbeat and am getting the following fields only. No file.pe.version as mentioned in the link: PE Header Fields | Elastic Common Schema (ECS) Reference [1.7] | Elastic
fields.type, file.ctime, file.drive_letter, file.extension, file.hash.sha1, file.inode, file.mime_type, file.mtime, file.owner, file.path, file.size, file.type, file.uid
Do I need to enable any other module to get file.pe*?