Installation & Configuration

In order to use insights.XO you will need the Opensearch beats in the OSS version on your client.\

For each Beat you will find an OSS version at the very end at the point “Notes” on the downloadpage of Elastic. Or you’ll just follow the link below for the Auditbeat.\

Download OSS Version:
Download full Version:

We are offering also PSADT Packages in order to install the Beats.

  1. Download the Auditbeat Windows zip file from the downloads page.
  2. Extract the contents of the zip file into C:\Program Files.
  3. Rename the auditbeat-“version”-windows directory to Auditbeat.
  4. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).
  5. From the PowerShell prompt, run the following commands to install Auditbeat as a Windows service:
PS > cd 'C:\Program Files\Auditbeat'
PS C:\Program Files\Auditbeat> .\install-service-auditbeat.ps1

Example Configuration

This is a basic configuration for the Auditbeat which has to be placed in the “auditbeat.yml” of the installation folder.
Events will be generated if a file changed in one of the paths specified.

  • C:/windows
  • C:/windows/system32
  • C:/Program Files
  • C:/Program Files (x86)
- module: file_integrity
  - C:/windows
  - C:/windows/system32
  - C:/Program Files
  - C:/Program Files (x86)

  hosts: ["Insights URL"]
  protocol: "HTTP"
  username: "Authentication Name"
  password: "Authentication PW"
  xpack.enabled: false
setup.ilm.enabled: false

  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~

If you want to know more on how to configure the beats in general follow the links below:

Auditbeat - Installation & Configuration Documentation
Elastic Documentation