Using Winlogbeat to populate a CMDB and Application Portfolio

Hi all,

I have a demand here at where I work to create a CMDB and an Application Portfolio. At first we thought about acquiring ServiceNow's Discovery or Dynatrace, but we'd like to test with ELK's Winlogbeat or any other beat that might help us.

I managed to install Winlogbeat on a VM and configure it, but I'm having a hard time getting the application names.

So, here are my questions:

  1. Is it possible to build a CMDB/Application Portfolio with Winlogbeat?
  2. How can I get the application names?
  3. What are other sources of information to learn about Kibana/ELK?

Thanks!

From a security perspective Winlogbeat can be a powerful tool to help you monitor what processes are starting/stopping, filesystem activity, user logon/logoff, network communication, registry changes, etc. It primarily collects information about what is happening on the system via event logs and sends that data to ES. You could use this information to derive what apps are present, but it's an indirect approach. It doesn't specifically try to build a CMDB.

Auditbeat's file integrity module could be used to build an inventory of files (like watch C:\windows and C:\Program Files) and report any changes to those locations.

Metricbeat's windows module can report what services are running/failed/disabled. Its system module can report all kinds of metrics about a host (cpu, disk, memory, processes).
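As an added illustration of the inventory approach described in this reply (constructed example, not configuration posted by anyone in the thread), here is what the two modules look like wired up: Auditbeat's file_integrity module baselining and hashing the program directories, and Metricbeat's windows and system modules reporting service and process state. The watched paths, the exclusion regex, the 60s period and the Elasticsearch address are assumptions you would adjust for your own hosts.

```yaml
# --- auditbeat.yml (constructed example) ---
auditbeat.modules:
  - module: file_integrity
    paths:
      - 'C:\Windows'
      - 'C:\Program Files'
      - 'C:\Program Files (x86)'
    recursive: true            # walk subdirectories, not just the top level
    scan_at_start: true        # emit a baseline event for every existing file
    scan_rate_per_sec: 50 MiB  # throttle the initial scan so it does not starve the host
    max_file_size: 100 MiB     # files larger than this are reported but not hashed
    hash_types: [sha256]       # hashes let you match binaries against known versions
    exclude_files:
      - '(?i)\.(log|tmp|etl)$' # assumed: skip files that change constantly and add noise

# --- metricbeat.yml (constructed example) ---
metricbeat.modules:
  - module: windows
    metricsets: [service]      # one event per Windows service with its state and start type
    period: 60s
  - module: system
    metricsets: [process]      # running processes with executable path and command line
    period: 60s
    processes: ['.*']

output.elasticsearch:
  hosts: ['localhost:9200']    # assumed Elasticsearch address
```

Once both beats are shipping, an aggregation on file.path under the program directories (from Auditbeat) joined with service and process names (from Metricbeat) gives you the per-host application list the question is after; the hashes are what let you tell a patched binary from an unpatched one over time.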
