Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Docs] Filebeat auditd module capabilities are unclear #17094

Closed
rwaight opened this issue Mar 18, 2020 · 0 comments · Fixed by #17068
Closed

[Docs] Filebeat auditd module capabilities are unclear #17094

rwaight opened this issue Mar 18, 2020 · 0 comments · Fixed by #17068
Labels
docs Filebeat Filebeat

Comments

@rwaight
Copy link
Contributor

rwaight commented Mar 18, 2020
edited
Loading

As discussed internally, the Filebeat auditd module parsing and enrichment capabilities are not the same as the Auditbeat auditd module parsing and enrichment capabilities; however, the source document includes an unclear statement from the "what happens" document.

We should add a note/disclaimer to the Filebeat auditd module documentation to notify users that the Filebeat auditd module parsing and enrichment capabilities are not the same as the Auditbeat auditd module parsing and enrichment capabilities.

Given the documentation gap, I have also filed #17068 to clarify the capabilities of the Filebeat auditd module.

The exception to this docs issue would be if #6484 was implemented, where the parsing logic used in the Auditbeat auditd module would be ported over to the Filebeat auditd module. If #6484 was implemented, we would not need to make changes to the current documentation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
docs Filebeat Filebeat
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Clarify capabilities of the Filebeat auditd module elastic/beats
1 participant
@rwaight