I am building a SOC lab environment to mentor students on using a SIEM and an EDR. I currently have Splunk installed in the environment and plan on exporting the logs and importing them back into the students’ Splunk instances for them to practice with.
Does Xcitium have the ability to export data and import it into another Xcitium instance? I think it would be good for students to get hands-on EDR experience and review process trees. As an alternative, I am thinking of sending the OpenEDR telemetry to Splunk to be included in the export.
Thank you