elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Add systemd service status to SIEM host page #50115

Open philippkahr opened 5 years ago

philippkahr commented 5 years ago

Describe the feature:

@fearful-symmetry released a systemd integration to find out if services are stopped, dead, or running: https://github.com/elastic/beats/pull/14206. I think it would be nice if those show up in the SIEM app as an extra tab. Maybe it is possible to correlate the uncommon processes to the systemd services? E.g., was a process spawned from systemd?

elasticmachine commented 5 years ago

Pinging @elastic/siem (Team:SIEM)

willemdh commented 5 years ago

Same for Windows services pls

philippkahr commented 5 years ago

@willemdh true! Windows services are already collected with metricbeat and the windows module.