Configure Agents

Example Configuration

The agent's configuration file (for example, the one for Auditbeat) must contain the OpenSearch URL you created and your authentication credentials.

To find the credentials (username and password), navigate to the Overview area of insights.XO:

Credentials for example configuration

This is a basic Auditbeat configuration. Place it in the “auditbeat.yml” file in the installation folder.
Events are generated when a file changes in one of the specified paths:

  • C:/windows
  • C:/windows/system32
  • C:/Program Files
  • C:/Program Files (x86)

auditbeat.modules:
- module: file_integrity
  paths:
  - C:/windows
  - C:/windows/system32
  - C:/Program Files
  - C:/Program Files (x86)

output.elasticsearch:
  hosts: ["Insights URL"]
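  # protocol applies only when the host entry has no scheme of its own;
  # over plain HTTP the username and password are sent unencrypted
  protocol: "HTTP"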
  username: "Authentication Name"
  password: "Authentication PW"
  xpack.enabled: false
setup.ilm.enabled: false

processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~
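
A hardened variant of the configuration above, added here as an example and not taken from the insights.XO documentation. It assumes that your OpenSearch endpoint accepts HTTPS and that the credentials were stored in the Auditbeat keystore under the hypothetical key names INSIGHTS_USER and INSIGHTS_PW.

```yaml
# Added example: same monitored paths as above, with transport and
# credential handling tightened. The processors section stays unchanged.
#
# Store the credentials once in the Auditbeat keystore instead of writing
# them into auditbeat.yml (key names are hypothetical):
#   auditbeat keystore create
#   auditbeat keystore add INSIGHTS_USER
#   auditbeat keystore add INSIGHTS_PW

auditbeat.modules:
- module: file_integrity
  paths:
  - C:/windows
  - C:/windows/system32
  - C:/Program Files
  - C:/Program Files (x86)
  # Each path is watched without its subdirectories unless recursive is
  # set to true; enabling it on these folders raises event volume.
  recursive: false

output.elasticsearch:
  hosts: ["Insights URL"]           # placeholder, as in the configuration above
  protocol: "https"                 # assumption: the endpoint supports TLS
  ssl.verification_mode: "full"     # verify certificate chain and hostname
  username: "${INSIGHTS_USER}"      # resolved from the keystore at startup
  password: "${INSIGHTS_PW}"
setup.ilm.enabled: false
```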