The configuration file e.g. for Auditbeat needs to contain your created OpenSearch URL and authentication credentials.
For the credentials - password and username - navigate to the Overview area of insights.XO:
This is a basic configuration for the Auditbeat which has to be placed in the “auditbeat.yml” of the installation folder.
Events will be generated if a file changed in one of the paths specified.
- C:/Program Files
- C:/Program Files (x86)
The template defines which data should be gathered. Then the installation package needs to be configured to use the customers dedicated insights.XO backend. And only if the agents have been deployed and connected to the backend data will be shown.
auditbeat.modules: - module: file_integrity paths: - C:/windows - C:/windows/system32 - C:/Program Files - C:/Program Files (x86) output.elasticsearch: hosts: ["Insights URL"] protocol: "HTTP" username: "Authentication Name" password: "Authentication PW" xpack.enabled: false setup.ilm.enabled: false processors: - add_host_metadata: ~ - add_cloud_metadata: ~ - add_docker_metadata: ~ - add_kubernetes_metadata: ~
You need to adjust username and password during group adjustment or when you add the application to a group. Refer to the example below: