Beats highlights
This list summarizes the most important enhancements in Beats. For the complete list, go to Beats release highlights.
Scripted processing
In this release, Beats offers a script processor for processing events with JavaScript code. It also includes an event API that eases the overall event manipulation experience. As Beats often run on host servers, the script processor has been properly sandboxed to only execute ECMAScript 5.1 code. It can therefore only manipulate the event that it’s given and cannot interact with the host or any external services.
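The following is an added example, not code from the Beats project: an ES5.1 event handler of the kind the script processor runs, which drops debug events and redacts credential-like values from `message` before the event leaves the host. The `makeEvent` stub, the regex, the `labels.redacted` field and the sample events are assumptions made so the snippet runs outside Beats.

```javascript
// Added example, not Beats project code. Written in ES5.1 (var, no arrow
// functions) because that is all the script processor executes.

// Assumed pattern: key=value pairs whose key looks like a credential.
var SECRET_RE = /\b(password|passwd|token|secret)=([^\s&]+)/gi;

// Beats calls the entry point process(event); it is named scrubEvent here
// only to avoid shadowing Node's `process` global when run offline.
function scrubEvent(event) {
    // Drop debug-level events instead of shipping them.
    if (event.Get("log.level") === "debug") {
        event.Cancel();
        return;
    }
    var msg = event.Get("message");
    if (typeof msg !== "string") {
        return; // field missing or not text: leave the event untouched
    }
    var redacted = msg.replace(SECRET_RE, "$1=[REDACTED]");
    if (redacted !== msg) {
        event.Put("message", redacted);
        event.Put("labels.redacted", true); // assumed marker field
    }
}

// Hypothetical stand-in for the Beats event object (flat dotted keys),
// exposing only the Get/Put/Cancel calls used above.
function makeEvent(fields) {
    var cancelled = false;
    return {
        Get: function (key) {
            return Object.prototype.hasOwnProperty.call(fields, key) ? fields[key] : null;
        },
        Put: function (key, value) { fields[key] = value; },
        Cancel: function () { cancelled = true; },
        isCancelled: function () { return cancelled; }
    };
}

// Constructed sample event.
var ev = makeEvent({ "log.level": "warn",
    message: "login failed user=bob password=hunter2 src=10.0.0.5" });
scrubEvent(ev);
console.log(ev.Get("message"), ev.isCancelled());
```

When used in a Beat, only the regex and the handler body go into the script source, with the function named `process`.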
Security analytics
Beats adds several new integrations for security use cases. Filebeat offers new logging modules for popular firewall technologies. The Palo Alto Networks module monitors PAN-OS firewall logs, and the Cisco ASA module monitors Cisco ASA firewall logs. These logs can be received via syslog or extracted directly from a file. Filebeat also offers a new NetFlow module that monitors NetFlow and IPFIX flow records.
Beyond these integrations, the 7.2 release introduces the Elastic SIEM application in Kibana.
Cloud monitoring
The NATS module is now available in Filebeat for monitoring the NATS messaging system logs. This complements the NATS module in Metricbeat that was introduced in Beats 7.0.0. This release also adds CoreDNS modules in Filebeat and Metricbeat to monitor CoreDNS logs and metrics.
Filebeat also introduces a new container input as a more dynamic way of collecting container logs. It supports auto-detection of both Docker and CRI-O log formats. CRI-O is an increasingly popular container runtime for Kubernetes. You should use the container input instead of the existing Docker input, which is now deprecated.
Windows monitoring
Winlogbeat adds two new modules in this release. The Sysmon module monitors event log records from the Sysinternals System Monitor, and the Security module monitors Windows security event logs. This release also adds support for the newer Windows XML Event Log (EVTX) format.