Detecting threats on Linux hosts with Auditbeat

Christoph Wurm

Senior Product Manager

Elastic

Neil Desai

Security Specialist

Elastic

If your mission is to defend your organization from cyber threats, you need to know what’s happening on your hosts. What processes are running on each of your servers? Which user accounts have logged into which endpoint? Have previous attackers been entirely vanquished or do they still have a foothold?

Elastic’s lightweight Auditbeat agent provides information from your Linux-based hosts to answer these questions. Whether your hosts are physical or virtual, Auditbeat provides valuable telemetry for your servers, endpoints, and other form factors. Auditbeat’s new system module extends its functionality to perform out-of-the-box collection and analysis of several key data sets.

In this webinar, Christoph Wurm, Elastic Sr. Software Engineer, and Neil Desai, Elastic Security Specialist, show you how to apply host data from your Linux systems to detect threats targeting your environment. Their demo will show:

• Ingestion of data from Linux systems using Auditbeat
• Configuration of file integrity monitoring for key system files
• Detection of attacks with automated analytics in Elasticsearch
• Analysis and visualization of Linux host data with Kibana

Additional Resources:

• Docs: Auditbeat Reference
• Blog: Introducing the Auditbeat System Module 
• Webinar: Detecting Threats by Analyzing Windows Event Logs with the Elastic (ELK) Stack
• Blog: Beats 7.x released