Monitor file download over 10mb

I'm totally new to the Elastic Stack and the Beats family.

I need to alert on either just files downloaded or files downloaded over 10 MB.

I've installed Filebeat and Auditbeat and still can't work out how you do this.

Any advice would be very welcome

Hey @stravze, welcome to discuss :)

Could you give more details on your scenario? For example, are the files downloaded to your servers or from your server?

Hiya

I was hoping to monitor the /home directory on our Linux hosts to monitor all users on that host, and to trigger an alert on any new file downloaded. So for example:

User james

/home/james

downloads the filebeat, this will trigger an alert etc

regards

James

Events coming from the file_integrity module of Auditbeat include the size of the file in the file.size field. Would this help in your case?

Once the file size is collected, you can create an alert: Alerting and Actions | Kibana Guide [7.11] | Elastic
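
A configuration sketch for the approach suggested above, added here as an example and not part of the original replies. The `/home` path comes from the thread; the exclusion patterns and the 10485760-byte (10 MiB) threshold are assumptions.

```yaml
# auditbeat.yml (fragment): added example, not from the thread.
auditbeat.modules:
  - module: file_integrity
    paths:
      - /home            # path taken from the thread
    recursive: true      # default is false, which watches only the top level of each path
    # Assumed exclusions to reduce noise from editors and caches.
    exclude_files:
      - '\.sw[nop]$'
      - '~$'
      - '/\.cache/'

# KQL for a Kibana alerting rule on the collected events.
# file.size is reported in bytes; 10485760 = 10 * 1024 * 1024 (assumed threshold).
# "updated" is included because a file is often created empty and grows as it
# is written, so the "created" event alone can report a small size.
#
#   event.module : "file_integrity"
#     and event.action : ("created" or "updated")
#     and file.size > 10485760
```

The file_integrity module reports any file created or changed under the watched paths, so the rule fires on large files regardless of how they arrived, not only on downloads.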

perfect thank you
