Add a new processor to Filebeat, perhaps similar to the Logstash Fingerprint plugin, that captures the
initial values that were extracted from the entry and stores them in the indexed document as a hash value for later validation (and any changes will be fully monitored & audited).
This capability would be required for systems that serve as systems of record for legal evidence and must maintain "chain of custody" (non-repudiation) in proving data integrity. The original file would be saved off to long-term storage and could be validated later by using the same fingerprinting process on the original file by comparing to the saved initial value.
Add a new processor to Filebeat, perhaps similar to the Logstash Fingerprint plugin, that captures the
initial values that were extracted from the entry and stores them in the indexed document as a hash value for later validation (and any changes will be fully monitored & audited).
This capability would be required for systems that serve as systems of record for legal evidence and must maintain "chain of custody" (non-repudiation) in proving data integrity. The original file would be saved off to long-term storage and could be validated later by using the same fingerprinting process on the original file by comparing to the saved initial value.