Beats agents run on many hosts and often hold credentials for output backends.
¶ Agent and Credential Security
- Use dedicated output credentials per environment.
- Restrict local file permissions for beat configs and keystores.
- Enable built-in keystore for sensitive secrets.
¶ Transport and Output Controls
- Enforce TLS/mTLS to Elasticsearch/Logstash outputs.
- Restrict allowed output endpoints by firewall/egress policy.
- Use index lifecycle and role-based permissions to isolate data access.