To use insights.XO, you need the OpenSearch Beats in their OSS version on your client.

For each Beat, the OSS version is linked at the very end of Elastic's download page, under “Notes”. For Auditbeat, you can simply follow the link below.

Download OSS Version: https://www.elastic.co/downloads/beats/auditbeat-oss
Download full Version: https://www.elastic.co/downloads/beats/auditbeat

We also offer PSADT packages for installing the Beats.

- Download the Auditbeat Windows zip file from the downloads page.
- Extract the contents of the zip file into C:\Program Files.
- Rename the auditbeat-“version”-windows directory to Auditbeat.
- Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).
- From the PowerShell prompt, run the following commands to install Auditbeat as a Windows service:

```powershell
PS > cd 'C:\Program Files\Auditbeat'
PS C:\Program Files\Auditbeat> .\install-service-auditbeat.ps1
```

This is a basic configuration for Auditbeat. It has to be placed in the “auditbeat.yml” file in the installation folder.
Events will be generated if a file changes in one of the specified paths.
- C:/Program Files
- C:/Program Files (x86)

```yaml
auditbeat.modules:
- module: file_integrity
  paths:
  - C:/windows
  - C:/windows/system32
  - C:/Program Files
  - C:/Program Files (x86)

output.elasticsearch:
  hosts: ["Insights URL"]
  protocol: "HTTP"
  username: "Authentication Name"
  password: "Authentication PW"

xpack.enabled: false
setup.ilm.enabled: false

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
```

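The manual steps above, scripted as an added example (not part of the original page and not vendor code): it checks the archive's SHA-512 before extracting, restricts read access to auditbeat.yml because the file holds the output credentials, and validates the configuration before the service is installed. The three parameters are assumptions, as is the service running under its default LocalSystem account.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
# Assumed inputs (not from the page): the three parameters below.
param(
    [Parameter(Mandatory)] [string] $ZipPath,         # downloaded Auditbeat OSS Windows zip
    [Parameter(Mandatory)] [string] $ExpectedSha512,  # checksum published for that download
    [Parameter(Mandatory)] [string] $ConfigSource     # your prepared auditbeat.yml
)
$ErrorActionPreference = 'Stop'
$InstallRoot = 'C:\Program Files'
$Target      = Join-Path $InstallRoot 'Auditbeat'
$Config      = Join-Path $Target 'auditbeat.yml'

# The service install needs administrator rights; stop early without them.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this script from an elevated PowerShell prompt.' }
if (Test-Path $Target) { throw "$Target already exists; remove or upgrade it manually." }

# Verify the archive before anything from it is written to disk.
$actual = (Get-FileHash -Path $ZipPath -Algorithm SHA512).Hash
if ($actual -ne $ExpectedSha512.Trim()) { throw "SHA-512 mismatch for $ZipPath" }

# Extract into C:\Program Files and rename the versioned directory to Auditbeat.
Expand-Archive -Path $ZipPath -DestinationPath $InstallRoot
$extracted = @(Get-ChildItem -Path $InstallRoot -Directory -Filter 'auditbeat-*-windows*')
if ($extracted.Count -ne 1) { throw 'Expected exactly one extracted auditbeat-*-windows* directory.' }
Rename-Item -Path $extracted[0].FullName -NewName 'Auditbeat'

# Place the configuration. It holds the output username and password, so drop
# inherited ACEs and allow only SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
Copy-Item -Path $ConfigSource -Destination $Config -Force
icacls $Config /inheritance:r /grant:r '*S-1-5-18:(F)' '*S-1-5-32-544:(F)' | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not restrict permissions on auditbeat.yml.' }

# Let Auditbeat parse the configuration before the service is registered.
& (Join-Path $Target 'auditbeat.exe') test config -c $Config
if ($LASTEXITCODE -ne 0) { throw 'auditbeat.yml failed validation.' }

# Register the Windows service with the script shipped in the zip, then start it.
Push-Location $Target
try { .\install-service-auditbeat.ps1 } finally { Pop-Location }
Start-Service -Name auditbeat
Get-Service -Name auditbeat
```
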
If you want to know more about configuring the Beats in general, follow the links below: