We have quite a lot of devices sending auditd datasets via syslog and/or Filebeat (where we don't have control to install Auditbeat). Does anyone have an auditd module for parsing the dataset and enrichment within Logstash? (not using Auditbeat)