Configuration
This is an example configuration for Auditbeat. You can use it as a starting point to further define which data you want to gather.
Please be aware of the fact that more data needs more storage space and that you might need to order additional space or bigger instances.
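# File integrity monitoring for the core Windows system and program
# directories. The module options must be nested under the list item;
# written flat at column 0 they parse as unrelated top-level keys.
auditbeat.modules:
  - module: file_integrity
    enabled: true
    # file_integrity watches the listed directories non-recursively unless
    # `recursive: true` is set, which is presumably why system32 is listed
    # next to C:/Windows. Deeper subdirectories are not covered by these
    # entries. Enabling recursion raises event volume and storage use.
    paths:
      - 'C:/Windows'
      - 'C:/Windows/system32'
      - 'C:/Program Files'
      - 'C:/Program Files (x86)'
      - 'C:/ProgramData'
    # Scan the paths when Auditbeat starts, so that changes made while the
    # agent was stopped are still reported.
    scan_at_startup: true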
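# Ship events to the Insights Elasticsearch endpoint. All settings below
# belong to the output and must be nested under it.
output.elasticsearch:
  # Replace with the endpoint you were given. If the entry is a full URL,
  # its scheme takes precedence over `protocol` below.
  hosts: ["Insights URL"]
  # NOTE(review): over plain HTTP the username and password are sent as
  # basic auth without transport encryption, and the audit events can be
  # read or altered in transit. Use https if the endpoint offers it. The
  # Beats reference spells the values lowercase (http / https); confirm
  # that the uppercase form is accepted.
  protocol: "HTTP"
  username: "Authentication Name"
  # Avoid keeping the real password in this file. Store it in the Beats
  # keystore (`auditbeat keystore add`) and reference it here, for example
  # "${ES_PWD}" (constructed name). Restrict read access to this file.
  password: "Authentication PW"
  index: "auditbeat"
  # Kept as on the page; verify that your Auditbeat version accepts this
  # key under the output.
  xpack.enabled: false
  # Batching and throughput: events per bulk request, parallel workers,
  # and gzip level (9 = smallest payload, highest CPU cost).
  bulk_max_size: 800
  worker: 2
  compression_level: 9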
# Auditbeat does not manage index lifecycle policies, dashboards or index
# templates on the remote cluster. Presumably these are managed on the
# service side, so the ingest account needs no setup privileges; confirm
# with the provider.
setup.ilm.enabled: false
# Skip the check for an existing lifecycle policy. This is needed when the
# connecting user is not allowed to read ILM policies.
setup.ilm.check_exists: false
setup.dashboards.enabled: false
setup.template.enabled: false
setup.template.overwrite: false
# Enrich every event with metadata before it is shipped. `~` (null) means
# "use the processor's default settings".
processors:
  # Adds host details (such as hostname, OS and network addresses) to each
  # event. Check this against what you are willing to send to the service.
  - add_host_metadata: ~
  # Adds cloud provider instance metadata when the host runs in a cloud.
  - add_cloud_metadata: ~
  # NOTE(review): the monitored paths are Windows paths. On a host without
  # Docker or Kubernetes these two presumably add nothing; confirm before
  # dropping them.
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~