Each release of Beats brings new features and product improvements. Following are the most notable features and enhancements in 7.2.
For a complete list of highlights, see the Beats 7.2 release blog.
Beats adds several new integrations for security use cases. Filebeat offers new logging modules for popular firewall technologies. The Palo Alto Networks module monitors PAN-OS firewall logs, and the Cisco ASA module monitors Cisco ASA firewall logs. These logs can be received via syslog or extracted directly from a file. Filebeat also offers a new NetFlow module that monitors NetFlow and IPFIX flow records.
Beyond these integrations, the 7.2 release introduces the Elastic SIEM application in Kibana.
The NATS module is now available in Filebeat for monitoring logs from the NATS messaging system. This complements the NATS module in Metricbeat that was introduced in Beats 7.0.0. This release also adds CoreDNS modules in Filebeat and Metricbeat to monitor CoreDNS logs and metrics.
Filebeat also introduces a new container input as a more dynamic way of collecting container logs. It supports auto-detection of both Docker and CRI-O log formats. CRI-O is an increasingly popular container runtime for Kubernetes. You should use the container input instead of the existing Docker input, which is now deprecated.
Winlogbeat adds two new modules in this release. The Sysmon module monitors event log records from the Sysinternals System Monitor, and the Security module monitors Windows security event logs. This release also adds support for the newer Windows XML Event Log (EVTX) format.