Secure Auditbeat [securing-auditbeat]

The following topics provide information about securing the Auditbeat process and connecting to a cluster that has {{security-features}} enabled.

You can use role-based access control and optionally, API keys to grant Auditbeat users access to secured resources.

• Grant users access to secured resources
• Grant access using API keys.

After privileged users have been created, use authentication to connect to a secured Elastic cluster.

• Secure communication with Elasticsearch
• Secure communication with Logstash

On Linux, Auditbeat can take advantage of secure computing mode to restrict the system calls that a process can issue.

• Use Linux Secure Computing Mode (seccomp)