SIEM

Configuring Beats for Perch

Getting started

Note:

If you haven’t purchased the Perch SIEM, please reach out to your sales representative.

TIP:

If you’re looking for instructions on deploying the Perch Log Shipper on Windows or Mac, please refer to these articles:

Configuring Perch Log Shipper on Windows

Configuring Perch Log Shipper on Mac

Installing and configuring Beats

  1. Download and configure Auditbeat from Elastic.

  2. Edit auditbeat.yml and add the following output section to the config file. This tells Auditbeat where to send your events.

    #================ Custom Perch Output ================
    output.elasticsearch:
      hosts: ['ingest.perchsecurity.com:443/elastic']
      headers:
        X-Perch-Header: 'perch-client-token-here'
      protocol: 'https'
    
  3. Replace the perch-client-token-here value in the X-Perch-Header: field with your company's Client Token, found here.

  4. Start Auditbeat: ./auditbeat -c auditbeat.yml -e
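
A pre-flight check to run between steps 3 and 4, added here as an example and not taken from Perch or Elastic: it confirms the placeholder token was replaced, the output still uses HTTPS to the endpoint from step 2, and the file holding the token is not readable by other users. The function name `check_perch_output` and the 0600 permission requirement are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check for the Perch output block in auditbeat.yml.
# check_perch_output is a hypothetical helper, not part of Beats or Perch.
check_perch_output() {
    cfg="$1"
    rc=0
    [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg" >&2; return 2; }

    # Ignore commented-out lines so a disabled setting cannot satisfy a check.
    body=$(grep -v '^[[:space:]]*#' "$cfg" || true)

    # Step 3 skipped: the placeholder from the template is still in place.
    if printf '%s\n' "$body" | grep -q 'perch-client-token-here'; then
        echo "FAIL: X-Perch-Header still holds the placeholder token" >&2; rc=1
    fi
    # The header must exist and carry a non-empty value.
    if ! printf '%s\n' "$body" |
        grep -Eq "^[[:space:]]*X-Perch-Header:[[:space:]]*['\"]?[^'\"[:space:]]+"; then
        echo "FAIL: X-Perch-Header is missing or empty" >&2; rc=1
    fi
    # The token is sent with every request, so the output must use HTTPS.
    if ! printf '%s\n' "$body" |
        grep -Eq "^[[:space:]]*protocol:[[:space:]]*['\"]?https['\"]?[[:space:]]*\$"; then
        echo "FAIL: protocol is not https" >&2; rc=1
    fi
    # The endpoint given in step 2 must appear in an active line.
    if ! printf '%s\n' "$body" | grep -Fq 'ingest.perchsecurity.com:443/elastic'; then
        echo "FAIL: Perch ingest endpoint not found in the config" >&2; rc=1
    fi
    # The file holds a secret: require no group/other permission bits
    # (0600 is this example's assumption, not a stated Perch requirement).
    if [ "$(ls -ldL "$cfg" | cut -c5-10)" != "------" ]; then
        echo "FAIL: group/other can access $cfg; run chmod 600 on it" >&2; rc=1
    fi
    return "$rc"
}

# Usage: sh check_perch.sh auditbeat.yml && ./auditbeat -c auditbeat.yml -e
if [ "$#" -gt 0 ]; then
    check_perch_output "$1"
fi
```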