All Collections
SIEM
How to install Auditbeat on Windows
How to install Auditbeat on Windows

This guide will walk you through installing the Auditbeat agent on Windows, for use with our SIEM service.

Matthew Elliott avatar
Written by Matthew Elliott
Updated over a week ago

Auditbeat is an agent that collects system-level data and sends this to our SIEM platform for storage and analysis. This differs from the log collector we asked you to configure.

During your SIEM onboarding, our Platform Engineering team will send you a deployment pack containing all of the software you need for us to start collecting your logs. This pack will contain a folder called auditbeat, which is what you'll need for this guide.

Installation

  1. If you haven't already done so, copy the auditbeat folder from the deployment pack to the Desktop on your Windows device.

  2. Open a PowerShell prompt as an administrator

  3. In PowerShell navigate to the auditbeat folder and run the following command to start the installation:

    .\auditbeat-install.ps1

    Note: if script execution is disabled on your system, run the below command to change the execution policy and allow the script to run:

    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process

  4. Follow the onscreen prompt to enter your collector's IP address.

  5. Auditbeat will be downloaded. installed and configured.

  6. The Auditbeat service will start.

    That's it! πŸŽ‰ Auditbeat should start forwarding logs to your collector, please contact us to verify if we're receiving your logs.

Did this answer your question?