Does anyone know which Beat to use for monitoring:
File attributes on Windows - I have already checked Auditbeat but there is no such option for Windows
File shifts between folders on Windows - Here Auditbeat only indicates the start path, there is no information where the file was moved.
Is it possible to compare two files (in Elastic or Kibana) to find out that they are the same/find the differences? Such a diff on Linux but on Elastic.
Auditbeat includes the File Integrity Module which on Windows uses the ReadDirectoryChangesW function. This function reports 8 types of changes to files in a directory like rename, change of size etc.
If your use case requires more options then you may configure a Windows system monitoring tool to write the required changes to the eventlog and collect this log with Winlogbeat.
Auditbeat on Windows and Winlogbeat seem to have fewer functionalities than the *nix versions, but hopefully they catch up in the upcoming releases.
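One way to approximate the missing move destination from File Integrity Module data, as an added example that is not part of the original thread: remember the last hash seen for each path, then pair a "moved" event with a "created" event that carries the same hash shortly before or after it. The sample events are constructed, the flattened field names (`@timestamp`, `event.action`, `file.path`, `file.hash.sha1`) and the 5-second window are assumptions, and it only works if the destination folder is monitored too.

```python
from datetime import datetime, timedelta

# Constructed sample events, shaped like flattened file_integrity documents.
# Field names are assumptions; the hash values are placeholders, not real SHA-1s.
EVENTS = [
    {"@timestamp": "2024-01-10T09:00:00Z", "event.action": ["created"],
     "file.path": r"C:\data\in\report.docx", "file.hash.sha1": "aaa111"},
    {"@timestamp": "2024-01-10T09:05:00Z", "event.action": ["moved"],
     "file.path": r"C:\data\in\report.docx"},
    {"@timestamp": "2024-01-10T09:05:01Z", "event.action": ["created"],
     "file.path": r"C:\data\out\report.docx", "file.hash.sha1": "aaa111"},
    {"@timestamp": "2024-01-10T09:06:00Z", "event.action": ["created"],
     "file.path": r"C:\data\out\other.txt", "file.hash.sha1": "bbb222"},
    {"@timestamp": "2024-01-10T09:30:00Z", "event.action": ["moved"],
     "file.path": r"C:\data\in\gone.txt"},
]

def _ts(event):
    return datetime.strptime(event["@timestamp"], "%Y-%m-%dT%H:%M:%SZ")

def infer_moves(events, window=timedelta(seconds=5)):
    """Return (source, destination) pairs; destination is None when unknown."""
    events = sorted(events, key=_ts)
    last_hash = {}  # path -> most recent content hash seen at that path
    moves = []
    for ev in events:
        path = ev["file.path"]
        if "moved" in ev["event.action"]:
            # The file is gone from the old path, so use the hash seen earlier.
            known = last_hash.pop(path, None)
            dest = None
            if known is not None:
                for cand in events:
                    if ("created" in cand["event.action"]
                            and cand["file.path"] != path
                            and cand.get("file.hash.sha1") == known
                            and abs(_ts(cand) - _ts(ev)) <= window):
                        dest = cand["file.path"]
                        break
            moves.append((path, dest))
        elif "file.hash.sha1" in ev:
            last_hash[path] = ev["file.hash.sha1"]
    return moves

if __name__ == "__main__":
    for src, dst in infer_moves(EVENTS):
        print(src, "->", dst or "destination not observed")
```

Matching hashes also answer the "are these two files the same" part of the question; a hash comparison cannot show what differs between two files.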