If you haven’t purchased Perch SIEM, please reach out to your sales representative.
Locate and execute the downloaded installer for auditbeat.
Edit auditbeat.yml and add the following information into the config file. This is how auditbeat knows where to send your information. Replace the perch-client-token-here value in the X-Perch-Header: field with the Client Token of your company, found here.
#================ Custom Perch Output ================ output.elasticsearch: hosts: ['ingest.perchsecurity.com:443/elastic'] headers: X-Perch-Header: 'perch-client-token-here' protocol: 'https'
./auditbeat -c auditbeat.yml -e