A threat hunting architecture relies on rich and reliable data ingestion that allows you to detect and investigate anomalous behaviors. In our scenario, we need data from both end-user workstations and the network. Luckily, we have Packetbeat and Winlogbeat, which capture network activity and ingest logs generated on Windows machines, respectively. These can be downloaded from https://www.elastic.co/downloads/beats, where all the Beats are listed.
As you can see, these are not the only Beats available for ingesting data; there are different Beats for different purposes. Each Beat ...