I have a demand here where I work to create a CMDB and an Application Portfolio. At first we thought about acquiring ServiceNow's Discovery or Dynatrace, but we'd like to test with ELK's Winlogbeat or any other beat that might help us.
I managed to install Winlogbeat on a VM and configure it, but I'm having a hard time getting the application names.
So, here are my questions:
Is it possible to build a CMDB/Application Portfolio with Winlogbeat?
How can I get the application names?
What are other sources of information to learn about Kibana/ELK?
From a security perspective Winlogbeat can be a powerful tool to help you monitor what processes are starting/stopping, filesystem activity, user logon/logoff, network communication, registry changes, etc. It primarily collects information about what is happening on the system via event logs and sends that data to ES. You could use this information to derive what apps are present, but it's an indirect approach. It doesn't specifically try to build a CMDB.
Auditbeat's file integrity module could be used to build an inventory of files (like watch C:\windows and C:\Program Files) and report any changes to those locations.
Metricbeat's windows module can report what services are running/failed/disabled. Its system module can report all kinds of metrics about a host (cpu, disk, memory, processes).
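An added example (not from the original posts and not Elastic's code) of the indirect approach described in the answer above: deriving a per-host application list from process-creation events that Winlogbeat has shipped. It assumes the documents carry Winlogbeat's `winlog.*` fields for Security event 4688 or Sysmon event 1, which requires process-creation auditing or Sysmon to be enabled on the host. The host names, paths and the `app_label` heuristic are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# (provider, event id) -> event_data field holding the new process path.
PROCESS_START = {
    ("Microsoft-Windows-Security-Auditing", "4688"): "NewProcessName",
    ("Microsoft-Windows-Sysmon", "1"): "Image",
}

def ev(host, provider, event_id, **data):
    """Build a constructed document in Winlogbeat's winlog.* layout."""
    return {"host": {"name": host},
            "winlog": {"provider_name": provider, "event_id": event_id,
                       "event_data": data}}

SAMPLE_EVENTS = [  # constructed sample data, not real logs
    ev("vm-app01", "Microsoft-Windows-Security-Auditing", 4688,
       NewProcessName=r"C:\Program Files\7-Zip\7z.exe"),
    ev("vm-app01", "Microsoft-Windows-Sysmon", "1",
       Image=r"C:\Program Files (x86)\Contoso\Billing\billing.exe"),
    ev("vm-app01", "Microsoft-Windows-Security-Auditing", "4624",
       TargetUserName="alice"),  # logon event, not a process start: ignored
    ev("vm-db02", "Microsoft-Windows-Security-Auditing", "4688",
       NewProcessName=r"C:\Windows\System32\svchost.exe"),
    ev("vm-db02", "Microsoft-Windows-Security-Auditing", "4688",
       NewProcessName=r"c:\program files\7-zip\7z.exe"),
]

def app_label(path):
    """Heuristic: first folder under Program Files, else the file name."""
    parts = ntpath.normpath(path).split("\\")
    lowered = [p.lower() for p in parts]
    for root in ("program files", "program files (x86)"):
        if root in lowered:
            i = lowered.index(root)
            if i + 2 < len(parts):  # need a folder and a file below the root
                return parts[i + 1]
    return parts[-1]

def build_inventory(events):
    """Return {host: {app label: sorted executable paths}}, lowercased."""
    inv = defaultdict(lambda: defaultdict(set))
    for doc in events:
        w = doc.get("winlog", {})
        # event_id is compared as a string so numeric and keyword forms match
        field = PROCESS_START.get((w.get("provider_name"), str(w.get("event_id"))))
        path = w.get("event_data", {}).get(field) if field else None
        if path:
            host = doc.get("host", {}).get("name", "unknown")
            inv[host][app_label(path).lower()].add(path.lower())
    return {h: {a: sorted(p) for a, p in apps.items()} for h, apps in inv.items()}
```

An inventory built this way only lists software that has actually run during the collection window, which is why the answer calls the approach indirect.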