I was just wondering if this was possible.
- We install osquery on endpoints
- We use Filebeat to monitor the osquery results file. Each time an automated query is undertaken, Filebeat ships the results in JSON form to Graylog.
- On the Graylog side, we use the ‘Elastic Beats Input Plugin’ to provide inputs for Filebeat data from osquery?
Am I missing something?
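
A minimal `filebeat.yml` for the pipeline described in the post above, as an added example that is not part of the original post. The results path is the osquery default on Linux; the Graylog hostname, port 5044, the CA path and the `source_type` field are assumptions to replace with your own values.

```yaml
# filebeat.yml (added example; hostnames, port and file paths are assumptions)
filebeat.inputs:
  - type: log                      # newer Filebeat releases prefer type "filestream"
    paths:
      # Default osquery results log on Linux; adjust for other platforms.
      - /var/log/osquery/osqueryd.results.log
    # osquery writes one JSON object per line; decode it so each column
    # becomes its own field in Graylog instead of one opaque message string.
    json.keys_under_root: true
    json.add_error_key: true       # flag lines that fail to parse rather than dropping them silently
    fields:
      source_type: osquery         # hypothetical tag for routing into a Graylog stream
    fields_under_root: true

# The Graylog Beats input accepts the Beats/Logstash protocol, so the
# Logstash output is used here, not the Elasticsearch output.
output.logstash:
  hosts: ["graylog.example.internal:5044"]   # assumed address of the Beats input
  # Endpoint telemetry crosses the network: enable TLS on the Graylog input
  # and verify it here against your own CA.
  ssl.certificate_authorities: ["/etc/filebeat/ca.pem"]
```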