Detecting threats on Linux hosts with Auditbeat

If your mission is to defend your organization from cyber threats, you need to know what’s happening on your hosts. What processes are running on each of your servers? Which user accounts have logged into which endpoint? Have previous attackers been entirely vanquished or do they still have a foothold?

Elastic’s lightweight Auditbeat agent provides information from your Linux-based hosts to answer these questions. Whether your hosts are physical or virtual, Auditbeat provides valuable telemetry for your servers, endpoints, and other form factors. Auditbeat’s new system module extends its functionality to perform out-of-the-box collection and analysis of several key data sets.

In this webinar, Christoph Wurm, Elastic Sr. Software Engineer, and Neil Desai, Elastic Security Specialist, show you how to apply host data from your Linux systems to detect threats targeting your environment. Their demo will show:

  • Ingestion of data from Linux systems using Auditbeat
  • Configuration of file integrity monitoring for key system files
  • Detection of attacks with automated analytics in Elasticsearch
  • Analysis and visualization of Linux host data with Kibana

Christoph Wurm

Christoph is a Software Engineer at Elastic in London. He writes code to make the Elastic Stack work better for security analysts all over the world.

Neil Desai

Neil Desai is a Security Specialist for Elastic. He has over two decades of information security experience. In past roles, he built Security Operations Centers (SOCs) and architected defensible and monitorable infrastructures for Fortune 500 US financial institutions.