[Auditbeat] Backport #9546 to 6.x: Add system module #9581

Merged
merged 33 commits into from
Dec 18, 2018
ef247ed
Add skeleton x-pack Auditbeat module (#8252)
andrewkroh Sep 18, 2018
d22fb54
Rename sysinfo module to system (#8356)
Sep 19, 2018
3fcd001
[Auditbeat] Add host, packages, and processes metricsets (#8436)
Oct 19, 2018
627d520
Fixes after merging master into feature branch.
Nov 13, 2018
879f32f
[Auditbeat] Add user metricset (#8835)
Nov 16, 2018
30f3ce4
[Auditbeat] Socket metricset (#8834)
Nov 30, 2018
1e3f4bf
[Auditbeat] Disable user metricset on non-Linux systems (#9368)
Dec 4, 2018
f51d36c
[Auditbeat] Update process metricset (#9139)
Dec 6, 2018
86ec03e
Add CI testing to x-pack/auditbeat (#9362)
andrewkroh Dec 7, 2018
8b3d5a8
[Auditbeat] Update host metricset (#9421)
Dec 11, 2018
9d68625
[Auditbeat] Make detecting password changes optional (#9461)
Dec 11, 2018
f41a560
[Auditbeat] Change event.type to event.kind (#9489)
Dec 12, 2018
381e779
[Auditbeat] Disable packages metricset (#9495)
Dec 12, 2018
ac6fbec
[Auditbeat] Namespace system module to system.audit (#9499)
Dec 12, 2018
2b0f240
[Auditbeat] Set auditbeat.max_start_delay to 0 for system tests. (#9500)
Dec 12, 2018
18af477
[Auditbeat] Add message field to system module (#9483)
Dec 12, 2018
b0e756b
[Auditbeat] System module documentation (#9512)
Dec 14, 2018
6f5f20f
[Auditbeat] Fix process metricset when not root (#9497)
Dec 14, 2018
0f84d05
Re-generate configs to include ILM.
Dec 14, 2018
71362b3
Re-add newlines to configs.
Dec 14, 2018
5f48d60
Temporarily disable docs references to x-pack/auditbeat
Dec 14, 2018
072e632
Re-generate x-pack configs
Dec 14, 2018
8f49938
Fix make beats-dashboards
Dec 15, 2018
c3f9d13
Fix make update
Dec 16, 2018
0a6f5d2
Fix make commands in x-pack/auditbeat
Dec 16, 2018
881b4f9
Fix mage integtest
Dec 16, 2018
fff5977
Fix x-pack/auditbeat make testsuite
Dec 16, 2018
a051656
Fix process test
Dec 16, 2018
bab903b
Fix auditbeat/ make testsuite
Dec 16, 2018
0a43226
Remove disabled packages metricset.
Dec 17, 2018
86fd446
Add missing dependency.
Dec 17, 2018
ce12565
Add ECS fields
Dec 18, 2018
0924fdf
Add to CHANGELOG
Dec 17, 2018
Re-generate x-pack configs
Christoph Wurm committed Dec 15, 2018
commit 072e632febc9da7cc669623f7ded00922db1129a
2 changes: 2 additions & 0 deletions x-pack/auditbeat/auditbeat.reference.yml
Expand Up @@ -65,6 +65,7 @@ auditbeat.modules:
## Unauthorized access attempts.
#-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
#-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access

# The file integrity module sends events when files are changed (created,
# updated, deleted). The events contain file metadata and hashes.
- module: file_integrity
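
Review bot: The only change in this hunk is the blank line between the commented-out `-k access` rules and the `file_integrity` comment block, and the commit is titled as a re-generation of the configs, so the separator has to come from the source that auditbeat.reference.yml is generated from, not from an edit to the generated file. Please confirm that re-running the generation step on this branch reproduces this file unchanged; an earlier commit in this series, "Re-add newlines to configs.", already touched the same kind of whitespace, and a hand-applied blank line would be dropped again on the next regeneration.
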
Expand Down Expand Up @@ -108,6 +109,7 @@ auditbeat.modules:

# Detect changes to files included in subdirectories. Disabled by default.
recursive: false

# The system module collects security related information about a host.
# All metricsets send both periodic state information (e.g. all currently
# running processes) and real-time changes (e.g. when a new process starts
1 change: 1 addition & 0 deletions x-pack/auditbeat/auditbeat.yml
Expand Up @@ -38,6 +38,7 @@ auditbeat.modules:
## Unauthorized access attempts.
#-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EACCES -k access
#-a always,exit -F arch=b64 -S open,creat,truncate,ftruncate,openat,open_by_handle_at -F exit=-EPERM -k access

- module: file_integrity
paths:
- /bin
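
Review bot: auditbeat.yml gains a single separator, before `- module: file_integrity`, while auditbeat.reference.yml gains two, and this hunk ends at `- /bin`, so whatever follows the file_integrity entry in the short config is not visible here. If the short config also carries a system module section, please check that it is preceded by the same blank line, so both generated files separate their module entries the same way.
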