7.2 release highlights
edit7.2 release highlights
editEach release of Beats brings new features and product improvements. Following are the most notable features and enhancements in 7.2.
For a complete list of highlights, see the Beats 7.2 release blog.
For a list of bug fixes and other changes, see the Beats Breaking Changes and Release Notes.
Scripted processing
editIn this release, Beats offers a script processor for processing events with Javascript code. It also includes an event API that eases the overall event manipulation experience. As Beats often run on host servers, the script processor has been properly sandboxed to only execute ECMAScript 5.1 code. It can therefore only manipulate the event that it’s given and cannot interact with the host or any external services.
Security analytics
editBeats adds several new integrations for security use cases. Filebeat offers new logging modules for popular firewall technologies. The Palo Alto Networks module monitors PAN-OS firewall logs, and the Cisco ASA module monitors Cisco ASA firewall logs. These logs can be received via syslog or extracted directly from a file. Filebeat also offers a new NetFlow module that monitors NetFlow and IPFIX flow records.
Beyond these integrations, the 7.2 release introduces the Elastic SIEM application in Kibana.
Cloud monitoring
editThe NATS module is now available in Filebeat for monitoring the NATS messaging system logs. This complements the NATS module in Metricbeat that was introduced in Beats 7.0.0. This release also adds CoreDNS modules in Filebeat and Metricbeat to monitor CoreDNS logs and metrics.
Filebeat also introduces a new container input as a more dynamic way of collecting container logs. It supports auto-detection of both Docker and CRI-O log formats. CRI-O is an increasingly popular container runtime for Kubernetes. You should use the container input in favor of the existing Docker input, which is now deprecated.
Windows monitoring
editWinlogbeat adds two new modules in this release. The Sysmon module monitors event log records from the Sysinternals System Monitor, and the Security module monitors Windows security event logs. This release also adds support for the newer Windows XML Event Log (EVTX) format.