Beats highlights

This list summarizes the most important enhancements in Beats. For the complete list, go to Beats release highlights.

Scripted processing

In this release, Beats offers a script processor for processing events with JavaScript code. It also includes an event API that eases the overall event manipulation experience. As Beats often run on host servers, the script processor has been properly sandboxed to only execute ECMAScript 5.1 code. It can therefore only manipulate the event that it’s given and cannot interact with the host or any external services.
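As an added illustration (not taken from the Beats documentation), the following sketch shows the kind of logic a script processor can hold: it drops debug events and masks credential values in the message before the event leaves the host, using only the event API calls Get, Put, Tag and Cancel. The `FakeEvent` and `runSample` helpers, the field names and the sample events are hypothetical and exist only so the function can be run outside Beats.

```javascript
// Script processor logic in ECMAScript 5.1 style (var, no arrow functions).
// In a Beats config this is declared as `function process(event) { ... }`; it is
// bound to another name here only to avoid shadowing Node's global `process`.
var beatsProcess = function process(event) {
    if (event.Get("log.level") === "debug") {
        event.Cancel();                 // drop the event; it is not published
        return;
    }
    var msg = event.Get("message");
    if (typeof msg !== "string") {
        return;                         // nothing to inspect
    }
    // Mask values of password=/token=/secret= pairs before the event leaves the host.
    var redacted = msg.replace(/\b(password|token|secret)=([^\s&]+)/gi, "$1=[REDACTED]");
    if (redacted !== msg) {
        event.Put("message", redacted);
        event.Tag("redacted");          // mark the event so the masking is visible downstream
    }
};

// Hypothetical stand-in for the Beats event object (assumption, not Beats code).
// It stores flat keys only; the real event API resolves nested field paths.
function FakeEvent(fields) {
    this.fields = fields;
    this.cancelled = false;
}
FakeEvent.prototype.Get = function (key) { return this.fields[key]; };
FakeEvent.prototype.Put = function (key, value) { this.fields[key] = value; };
FakeEvent.prototype.Tag = function (tag) {
    var tags = this.fields.tags || (this.fields.tags = []);
    if (tags.indexOf(tag) === -1) { tags.push(tag); }
};
FakeEvent.prototype.Cancel = function () { this.cancelled = true; };

// Run the processor over one constructed event and return the resulting state.
function runSample(fields) {
    var ev = new FakeEvent(fields);
    beatsProcess(ev);
    return ev;
}

// Constructed sample event.
console.log(runSample({
    "log.level": "info",
    "message": "login ok user=alice password=hunter2 src=10.0.0.5"
}).fields.message);
```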

Security analytics

Beats adds several new integrations for security use cases. Filebeat offers new logging modules for popular firewall technologies. The Palo Alto Networks module monitors PAN-OS firewall logs, and the Cisco ASA module monitors Cisco ASA firewall logs. These logs can be received via syslog or extracted directly from a file. Filebeat also offers a new NetFlow module that monitors NetFlow and IPFIX flow records.

Beyond these integrations, the 7.2 release introduces the Elastic SIEM application in Kibana.

Cloud monitoring

The NATS module is now available in Filebeat for monitoring the NATS messaging system logs. This complements the NATS module in Metricbeat that was introduced in Beats 7.0.0. This release also adds CoreDNS modules in Filebeat and Metricbeat to monitor CoreDNS logs and metrics.

Filebeat also introduces a new container input as a more dynamic way of collecting container logs. It supports auto-detection of both Docker and CRI-O log formats. CRI-O is an increasingly popular container runtime for Kubernetes. You should use the container input instead of the existing Docker input, which is now deprecated.

Windows monitoring

Winlogbeat adds two new modules in this release. The Sysmon module monitors event log records from the Sysinternals System Monitor, and the Security module monitors Windows security event logs. This release also adds support for the newer Windows XML Event Log (EVTX) format.