Layer-based ingestion

A threat hunting architecture relies on rich and reliable data ingestion that allows you to detect and investigate anomalous behaviors. In our scenario, we need data from both end-user workstations and the network. Luckily, we have Packetbeat and Winlogbeat, which capture network activity and ingest logs generated on Windows machines, respectively. These can be downloaded from, where all the Beats are listed:

As you can see, they are not the only Beats available to ingest data from; there are different Beats for different purposes. Each Beat ...
