I'm currently setting up Network Beaconing Identification, and I'm fairly new to how Elastic has Agent Policies and where one would need to install an integration to correlate said logs. My thinking is, should I install Network Beaconing Identification on an AD or some server that has ample communications? Or is it better to spread this integration throughout the infrastructure to gather the information that I would need for tracking beacons? Any help would be appreciated!