FICHA · AUR

auditbeat

Audit the activities of users and processes on your system

  • security-audit-agent
  • DAEMON
  • SECURITY
  • MONITORING
  • Launchable
  • Background service
official+codex · reviewed · May 30, 2026 description in en

Description

User and process activity can be collected for security auditing and sent into an Elastic observability workflow. It is useful for administrators tracking system events, policy changes, and suspicious behavior.

Audit data is highly sensitive and can include commands, file paths, users, and security events. Configure collection scope, access control, retention, and alerting carefully.

How to run

auditbeat.service

Permissions

Permissions not analysed for this source yet.