FileBeats from Elastic. Install on any Windows/Mac/Linux client and configure logs to pipe to an ingest node. Use specific visualizations to identify suspicious activity.
Logstash 6.0 can have multiple pipelines.
Disk usage in 6.X will be more efficient
Upgrading to. 6.X from 5.X without a full cluster restart.
Kibana 6.X will support SAML out of the box. Yay!!!
Machine learning aims to solve the problem of having more data than feasible to manually process or search through. Once the data is understood, machine learning aids in acting upon this data.
Machine learning will assist in identifying trouble.