Feature Requests

Please post any feature request for OpenEDR.
We want OpenEDR to be the best EDR out there, period.
Please provide your feedback about feature requests that will continually improve OpenEDR.

Hi,

  • I think the ability to send directly to Elastic without needing to also install any Beats would be useful.

  • Being able to pre-configure the installer to connect to an Elastic instance to make deploying OpenEDR easier.

Hi all,
I didn’t find any notice about:

1. Whitelist & blacklist IoC (hash, IP, URL, path, extension)
2. On-prem / off-cloud control manager for client agent

Thanks,

Is there any way I can integrate with my threat intelligence provider?

I have a MISP server deployed in my environment. Is any option available to integrate with that?

A free version of cloud-based agent control is coming next month, where you can manage the settings for the agents to connect to a local Elasticsearch as well as manage the rules to apply. Here I added the related roadmap item: https://github.com/ComodoSecurity/openedr_roadmap/issues/1

Hi, we will refactor the current portal to serve OpenEDR agents as well. It will be free of charge for all.
There you can manage the IoCs to be pushed to the agents. Please check this roadmap item: https://github.com/ComodoSecurity/openedr_roadmap/issues/1

I will add this as a roadmap item; currently we don't support it.

https://github.com/ComodoSecurity/openedr_roadmap/issues/3 Please edit the task according to your requirements.

I personally like the beats method. So in my opinion I wouldn’t mind it at all if it were to flow as follows:

Management server that had a web UI that could deploy and manage agents, rules, alerts, containment, etc. Basically anything that involves the endpoint or rules. Then have the alerts or whatever you want to have sent to Elasticsearch sent via a Beat or API hook.

So Agent <–> Manager <–> Elasticsearch

Also would love to see secure configurations (X-Pack) for Elastic. Basically the ability to add in certificates.

Can't wait for the management server to release! I can't wait to test this in all the ways!

This is coming with the next release, where we will enable the cloud management portal to distribute custom policies, and event/alert collection can be done via Elasticsearch. The flow will be

Manager --(manage telemetry forwarding, EDR policies)--> Agent --> Elasticsearch via Beat

For now we will leave Elasticsearch configuration to the users. Of course, any help with X-Pack etc. will be more than welcome.

The X-Pack features with Beats are pretty easy. They have to have the Elasticsearch certificate in the machine's cert stores and the password for Beats has to be in the filebeat.yml file. Other than that, basic X-Pack setup would work fine.
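
One way to write the Filebeat side of the setup described in the last post, as an added example that is not from the thread or from the OpenEDR project. The hostname, user name, file paths, input id and keystore key name are assumptions or placeholders.

```yaml
# filebeat.yml (added example; host, user, paths and key names are assumptions)
filebeat.inputs:
  - type: filestream
    id: openedr-events                      # hypothetical input id
    paths:
      - 'C:\path\to\openedr\output\*.log'   # placeholder; use the agent's actual output location

output.elasticsearch:
  hosts: ["https://elastic.example.internal:9200"]   # constructed hostname; https, not http
  username: "filebeat_writer"                        # hypothetical least-privilege user
  # Avoid a literal password in this file. Store it once with:
  #   filebeat keystore create
  #   filebeat keystore add ES_PWD
  # and reference the keystore entry instead:
  password: "${ES_PWD}"
  ssl:
    # Omit certificate_authorities if the Elasticsearch CA is already in the
    # machine's trusted root store, as the post describes.
    certificate_authorities: ['C:\path\to\elasticsearch-ca.crt']   # placeholder path
    verification_mode: full      # default; validates the chain and the hostname

# Settings to avoid:
#   hosts: ["http://..."]            # credentials and telemetry sent in cleartext
#   ssl.verification_mode: none      # accepts any certificate
#   password: "literal-secret"       # readable by anyone who can read filebeat.yml
```

Running `filebeat test output` after editing the file checks the TLS handshake and authentication against the configured host before any events are shipped.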