Which beat to use?

Murango · July 29, 2020, 5:46am

Hello,

Does anyone know which beat to use for monitoring:

File attributes on windows - I have already checked auditbeat but there is no such option for Windows
File shifts between folders on windows - Here auditbeat only indicates the start path, there is no information where the file was moved.
Is it possible to compare two files (in elastic or kibana) to find out that they are the same/find the differences? Such a diff on linux but on elastic.

Thank you in advance for your help!

fgjensen · July 29, 2020, 8:51am

Auditbeat includes the File Integrity Module which on Windows uses the ReadDirectoryChangesW function. This function reports 8 types of changes to files in a directory like rename, change of size etc.
If your use case requires more options then you may configure a Windows system monitoring tool to write the required changes to the eventlog and collect this log with Winlogbeat.
Auditbeat on Windows and Winlogbeat seem to have less functionalities that the *nix versions, but hopefully they catch up in the upcoming releases.

system · August 26, 2020, 10:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auditbeat File Integrity (Windows OS) Doesn't Capture WHO Changed Files? Beats auditbeat	4	829	March 26, 2021
Auditbeat on windows for FIM Beats auditbeat	4	1029	November 19, 2018
Monitor Windows Filesystem changes Beats winlogbeat , auditbeat	1	197	April 2, 2024
Auditbeat configuring file Beats auditbeat	2	364	March 22, 2019
Auditbeat File arrival monitoring Beats auditbeat	4	640	November 21, 2018

Which beat to use?

Related topics