Installation & Configuration

To use insights.XO, you need the OSS version of the Elastic Beats on your client.
For each Beat, the OSS version is linked at the very end of Elastic's download page, under “Notes”. For Auditbeat, you can also just follow the link below.
Download OSS Version: https://www.elastic.co/downloads/beats/auditbeat-oss
Download full Version: https://www.elastic.co/downloads/beats/auditbeat

We also offer PSADT packages for installing the Beats.

  1. Download the Auditbeat Windows zip file from the downloads page.
  2. Extract the contents of the zip file into C:\Program Files.
  3. Rename the auditbeat-“version”-windows directory to Auditbeat.
  4. Open a PowerShell prompt as an Administrator (right-click the PowerShell icon and select Run As Administrator).
  5. From the PowerShell prompt, run the following commands to install Auditbeat as a Windows service:
PS > cd 'C:\Program Files\Auditbeat'
PS C:\Program Files\Auditbeat> .\install-service-auditbeat.ps1

Example Configuration

This is a basic configuration for Auditbeat. Place it in the “auditbeat.yml” file in the installation folder.
An event is generated whenever a file changes in one of the following paths:

  • C:/windows
  • C:/windows/system32
  • C:/Program Files
  • C:/Program Files (x86)

auditbeat.modules:
- module: file_integrity
  paths:
  - C:/windows
  - C:/windows/system32
  - C:/Program Files
  - C:/Program Files (x86)

output.elasticsearch:
  hosts: ["Insights URL"]
  protocol: "HTTP"
  username: "Authentication Name"
  password: "Authentication PW"
  xpack.enabled: false
setup.ilm.enabled: false

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
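
A hardened variant of the configuration above, as an added example that is not part of the original page or of the insights.XO documentation. It assumes the Insights endpoint accepts HTTPS; the CA file path and the keystore key name INSIGHTS_PW are hypothetical, and values in <...> are placeholders.

```yaml
auditbeat.modules:
- module: file_integrity
  paths:
  - C:/windows
  - C:/windows/system32
  - C:/Program Files
  - C:/Program Files (x86)
  # Watches are not recursive by default: only entries directly inside each
  # listed directory produce events. Enabling this covers subdirectories too,
  # at the cost of a much higher event volume.
  recursive: true
  # Record a SHA-256 hash of each changed file (the default is sha1).
  hash_types: [sha256]

output.elasticsearch:
  hosts: ["<Insights URL>"]
  # Assumption: the endpoint offers TLS. With "http" the username and password
  # below cross the network unencrypted. If the hosts entry is a full URL,
  # its scheme takes precedence over this setting.
  protocol: "https"
  # Hypothetical path; only needed when the server certificate is issued by a
  # private CA that the Windows trust store does not know.
  ssl.certificate_authorities: ["C:/Program Files/Auditbeat/certs/ca.pem"]
  username: "<Authentication Name>"
  # Resolved from the Beats secrets keystore instead of being stored in this
  # file in plain text. Create the entry once from the Auditbeat directory,
  # using the same path.data as the service so the service can find it:
  #   .\auditbeat.exe keystore create
  #   .\auditbeat.exe keystore add INSIGHTS_PW
  password: "${INSIGHTS_PW}"
  xpack.enabled: false
setup.ilm.enabled: false

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
```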

If you want to know more about how to configure Auditbeat or the Beats in general, follow the links below:
Auditbeat - Installation & Configuration Documentation
Elastic Documentation