This integration sets up templates and index patterns required for Endpoint Security.

For compatibility information view our documentation.

The log type of documents are stored in the logs-endpoint.* indices. The following sections define the mapped fields sent by the endpoint.

{{fields "alerts"}}

{{fields "file"}}

{{fields "library"}}

{{fields "network"}}

{{fields "process"}}

{{fields "registry"}}

{{fields "security"}}

The metrics type of documents are stored in metrics-endpoint.* indices. The following sections define the mapped fields sent by the endpoint.

{{fields "metadata"}}

Metrics documents contain performance information about the endpoint executable and the host it is running on.

{{fields "metrics"}}

{{fields "policy"}}