This is an example configuration for Auditbeat. You can use it as a starting point to further define which data you want to gather.
Please be aware that gathering more data requires more storage space, so you might need to order additional space or bigger instances.
The username and password do not need to be adjusted in the following configuration file:
```yaml
auditbeat.modules:
  # Watches the listed directories and reports file changes.
  - module: file_integrity
    enabled: true
    paths:
      - C:/Windows
      - C:/Windows/system32
      - C:/Program Files
      - C:/Program Files (x86)
      - C:/ProgramData
    scan_at_startup: true

output.elasticsearch:
  hosts: ["Insights URL"]
  # Over plain HTTP the credentials below are sent unencrypted.
  protocol: "HTTP"
  # Placeholders: leave username and password unchanged in this file.
  username: "Authentication Name"
  password: "Authentication PW"
  index: "auditbeat"
  xpack.enabled: false
  bulk_max_size: 800
  worker: 2
  compression_level: 9

setup.ilm.enabled: false
setup.ilm.check_exists: false
setup.dashboards.enabled: false
setup.template.enabled: false
setup.template.overwrite: false

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
```
You need to adjust the username and password during group adjustment or when you add the application to a group. Refer to the example below: