Issue monitoring registry key using elastic agent (File Integrity Monitoring integration)

Hello.
Recently I deployed the Elastic Stack with Elastic Agent, and it seems not to be monitoring a registry key. If I specify a folder directory it works fine, but not with a registry key path. Any suggestions on how to monitor this? Registry key events are really an important matter here.

{"log.level":"warn","@timestamp":"2024-10-18T21:27:26.640Z","message":"Failed to resolve symlink","component":{"binary":"auditbeat","dataset":"elastic_agent.auditbeat","id":"audit/file_integrity-default","type":"audit/file_integrity"},"log":{"source":"audit/file_integrity-default"},"service.name":"auditbeat","scanner_id":18,"error":{"message":"CreateFile HKEY_LOCAL_MACHINE: The system cannot find the file specified."},"log.origin":{"file.line":101,"file.name":"file_integrity/scanner.go"},"ecs.version":"1.6.0","log.logger":"file_integrity","file_path":"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","ecs.version":"1.6.0"}

Hello and welcome,

The File Integrity Monitoring integration cannot monitor registry keys, that's why you got this error.

If I'm not wrong, only the Elastic Defend integration looks into registry keys.
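As an added example (not part of the original posts and not Elastic's code), the following script scans agent log lines for `file_integrity` events whose `file_path` is a registry hive path, which is how the misconfiguration in the question shows up. The function names and the sample log lines are constructed for illustration; only the `log.logger` and `file_path` field names come from the log line in the question.

```python
import json

# Registry hive names (long and abbreviated); these are not filesystem paths.
REGISTRY_HIVES = {
    "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_USERS",
    "HKEY_CLASSES_ROOT", "HKEY_CURRENT_CONFIG",
    "HKLM", "HKCU", "HKU", "HKCR", "HKCC",
}

def is_registry_path(path):
    """True if the first path component names a registry hive."""
    head = path.strip().replace("/", "\\").split("\\", 1)[0].rstrip(":")
    return head.upper() in REGISTRY_HIVES

def registry_paths_in_fim_logs(lines):
    """Return the registry paths the file_integrity scanner tried to open as files."""
    found = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON or truncated lines
        if not isinstance(event, dict) or event.get("log.logger") != "file_integrity":
            continue
        path = event.get("file_path")
        if isinstance(path, str) and is_registry_path(path) and path not in found:
            found.append(path)
    return found

# Constructed sample log lines, modelled on the warning shown in the question.
SAMPLE_LOGS = [
    r'{"log.level":"warn","message":"Failed to resolve symlink","log.logger":"file_integrity","file_path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"}',
    r'{"log.level":"warn","message":"Failed to resolve symlink","log.logger":"file_integrity","file_path":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"}',
    r'{"log.level":"info","message":"constructed filesystem event","log.logger":"file_integrity","file_path":"C:\\Windows\\System32\\drivers\\etc"}',
    r'{"log.level":"warn","message":"constructed event","log.logger":"file_integrity","file_path":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}',
    r'{"log.level":"info","message":"constructed event from another logger","log.logger":"other","file_path":"HKLM\\SOFTWARE"}',
    'not a json line',
]

if __name__ == "__main__":
    for p in registry_paths_in_fim_logs(SAMPLE_LOGS):
        print("Registry path configured in File Integrity Monitoring:", p)
```

Any path this reports should be removed from the File Integrity Monitoring path list and covered by an integration that supports registry events.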
