If you haven’t purchased Perch SIEM, please reach out to your sales representative.

Using auditbeat on Mac and Linux

Download Auditbeat from Elastic

Installing and Configuring Beats

  1. Locate and execute the downloaded installer for auditbeat.

  2. Edit auditbeat.yml and add the following information into the config file. This is how auditbeat knows where to send your information. Replace the perch-client-token-here value in the X-Perch-Header: field with the Client Token of your company, found here.

    #================ Custom Perch Output ================
      hosts: ['']
        X-Perch-Header: 'perch-client-token-here'
      protocol: 'https'
  3. Start auditbeat: ./auditbeat -c auditbeat.yml -e