How to deploy Open EDR in your environment (old)

You can deploy and use Open EDR in the following ways:

What is available today (as of 28th September 2020):
1. Full Comodo Dragon Enterprise platform (with pre-compiled OpenEDR, full management capability and portal; no fee for 3 months, until you can set up your own ELK stack)
Dragon Enterprise | Endpoint Protection Platform (EPP) (you can create an account with this link)

Coming soon… (hoping to have these within weeks)
**GitHub - ComodoSecurity/openedr: Open EDR public repository is now LIVE (9th Nov 2021!)**
1. You can download the source code from GitHub (coming soon), compile it, then create your own ELK.
2. Use the compiled OpenEDR package integrated into the Comodo Dragon Enterprise platform (free to use) along with your own ELK.
3. Use the compiled OpenEDR package integrated into the Comodo Dragon Enterprise platform with Comodo's data lake (free up to 7-day storage) (for any Comodo endpoint security customers).
4. Comodo to provide a managed ELK stack integrated with OpenEDR (you can use the Comodo Dragon Enterprise platform to manage all the endpoints, for free).

Happy to hear any ideas about other deployment scenarios, please.

Did you evaluate with other SIEMs?
For example, collecting logs from the EDR and sending them via syslog or JSON?
Because I can have another SIEM like QRadar/ArcSight or Splunk in my lab environment…

Hi Jolly,
We will use Filebeat/Logstash for sending the logs, and for the open-source version the collected logs will be stored locally as well. So here are some examples of what you can configure:

  • You can configure the Beats HTTP output plugin to send to Splunk or QRadar; both support HTTP event collection.
  • You can configure syslog-ng to send the logs to whatever destination you want.

Thanks for bringing this to the community. Just wondering, does it support cross-platform, or just the Windows environment?

Also, when can we expect the recommended specs and installation instructions to be released?

Yes, for now it will support only Windows; we will adapt it for Linux as well.
Tomorrow we are releasing the binaries, and I will update with instructions as well.

Binary is live!


I have registered Dragon Enterprise and enrolled devices on my dashboard. But how do I find my OpenEDR logs on the dashboard? Are there any steps to follow?

OpenEDR writes the logs to a local folder; please check the install notes here: https://github.com/ComodoSecurity/openedr . We are going to expand this in further releases: https://github.com/ComodoSecurity/openedr_roadmap/issues/1

If you use Dragon Enterprise, you don't have to do anything; the agents from the portal automatically report to the portal.
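The two replies above say that the open-source build keeps its events in a local folder and that Filebeat/Logstash or an HTTP output can push them into Splunk or QRadar. The PowerShell script below is an added example, not code from this thread or from the OpenEDR project: it does the same job without Filebeat by checking that edrsvc is running, reading only the new lines from files under the log folder, and posting them to a Splunk HTTP Event Collector. The folder C:\ProgramData\edrsvc is the path named later in this thread; the *.log file pattern, the one-JSON-object-per-line format, and the HEC URL, token and index are assumptions to replace for your environment.

```powershell
<#
  Added example, not OpenEDR project code. Ships new OpenEDR log lines to Splunk HEC.
  ASSUMPTIONS (replace for your environment):
    - $LogRoot  : the local folder this thread names; the files under it are not
                  documented here, so $Pattern and "one JSON object per line" are assumed.
    - $HecUrl / $HecToken / $Index : placeholders for your Splunk HTTP Event Collector.
  QRadar also accepts HTTP-posted JSON through its HTTP Receiver log source; only the
  envelope and the auth header differ.
#>
param(
    [string]$LogRoot   = 'C:\ProgramData\edrsvc',
    [string]$Pattern   = '*.log',
    [string]$HecUrl    = 'https://splunk.example.internal:8088/services/collector/event',
    [string]$HecToken  = '00000000-0000-0000-0000-000000000000',
    [string]$Index     = 'edr',
    [string]$StateFile = "$env:ProgramData\openedr-hec-forwarder.json"
)

# 1. Telemetry only exists if the service is up; fail loudly otherwise.
$svc = Get-Service -Name edrsvc -ErrorAction SilentlyContinue
if (-not $svc) { throw 'Service edrsvc is not installed.' }
if ($svc.Status -ne 'Running') { throw "Service edrsvc is $($svc.Status), not Running." }

# 2. Find the log files, oldest first so events arrive in order.
if (-not (Test-Path -LiteralPath $LogRoot)) { throw "Log folder $LogRoot not found; check the install notes." }
$files = Get-ChildItem -LiteralPath $LogRoot -Recurse -File -Filter $Pattern | Sort-Object LastWriteTime
if (-not $files) { throw "No files matching $Pattern under $LogRoot." }

# 3. Byte offsets from the previous run, so reruns ship only lines not yet sent.
$state = @{}
if (Test-Path -LiteralPath $StateFile) {
    $saved = Get-Content -LiteralPath $StateFile -Raw | ConvertFrom-Json
    foreach ($p in $saved.PSObject.Properties) { $state[$p.Name] = [int64]$p.Value }
}

$headers = @{ Authorization = "Splunk $HecToken" }
$batch   = New-Object System.Collections.Generic.List[string]

function Send-Batch {
    if ($batch.Count -eq 0) { return }
    # HEC accepts several event envelopes concatenated in one request body.
    $body = [string]::Join("`n", $batch)
    Invoke-RestMethod -Method Post -Uri $HecUrl -Headers $headers -ContentType 'application/json' -Body $body | Out-Null
    $batch.Clear()
}

foreach ($f in $files) {
    $offset = if ($state.ContainsKey($f.FullName)) { $state[$f.FullName] } else { 0L }
    if ($f.Length -lt $offset) { $offset = 0L }            # file rotated or truncated: start over
    if ($f.Length -eq $offset) { continue }                # nothing new in this file

    # Open with ReadWrite sharing so we do not block the service that is still writing.
    $fs = [System.IO.File]::Open($f.FullName, [System.IO.FileMode]::Open,
                                 [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite)
    try {
        $fs.Seek($offset, [System.IO.SeekOrigin]::Begin) | Out-Null
        $bytes = New-Object byte[] ([int]($f.Length - $offset))
        $read  = $fs.Read($bytes, 0, $bytes.Length)
    } finally { $fs.Dispose() }

    # Only ship up to the last newline; a trailing fragment is a line still being written.
    $end = -1
    for ($i = $read - 1; $i -ge 0; $i--) { if ($bytes[$i] -eq 10) { $end = $i; break } }
    if ($end -lt 0) { continue }

    $text = [System.Text.Encoding]::UTF8.GetString($bytes, 0, $end + 1)
    foreach ($line in ($text -split "`n")) {
        $line = $line.TrimEnd("`r")
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        try { $evt = $line | ConvertFrom-Json } catch { continue }   # skip non-JSON lines
        $batch.Add((@{
            time       = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
            host       = $env:COMPUTERNAME
            source     = $f.FullName
            sourcetype = 'openedr:json'
            index      = $Index
            event      = $evt
        } | ConvertTo-Json -Compress -Depth 10))
        if ($batch.Count -ge 200) { Send-Batch }
    }
    $state[$f.FullName] = $offset + $end + 1
}
Send-Batch
$state | ConvertTo-Json | Set-Content -LiteralPath $StateFile
```

Run it from a scheduled task as a low-privileged account that only needs read access to the log folder; the HEC token is a bearer credential, so keep it out of the script in production (Windows Credential Manager or a DPAPI-protected file) and leave certificate validation on for the HEC endpoint. The offset file is what makes reruns safe: a file that shrinks is treated as rotated and re-read from the start, and a partial last line is held back until the next run finishes it.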

I installed via the MSI provided on GitHub, and I verified that the service is running:

PS C:\Users\OpenEDR> get-service edrsvc
Status   Name    DisplayName
------   ----    -----------
Running  edrsvc  OpenEDR Service

However, I am not seeing the following folder, C:\ProgramData\edrsvc, to grab telemetry data from.

What am I missing?

I just created an account on Dragon and it says I can manage 50 devices. How can I expand past 50 without paying?
Thanks

Hi @stein97

For now we are doing it manually (automation coming soon).
Please send an email to quick-start@openedr.com, and our guys will provide all the licensing you need to run more than 50 devices.

Aha, no wonder some code such as nfapi::cmdedr has no reference in the original netfilter SDK.
However, I will try the releases section on GitHub.


Let us know if we can be of assistance, please, @fatah.

OK, I have done the following:
Registered an account with Dragon
Downloaded the agent only & installed it
Installed OpenEDR 2.0 on the computer.
Rebooted, and now I can see the desktop in Dragon and it says EDR is installed.

To test the EDR I ran the scripts from GitHub: https://github.com/op7ic/EDR-Testing-Script/blob/master/runtests.bat

The script ran, MS Defender complained, so I stopped it and re-ran.
The EDR reported no information in Dragon.

What did I do wrong?

thanks

Hi @melih, I have tried to build the OpenEDR source code but am facing problems.
I have already posted the problems in the "Problems Issues and Resolutions" tab but am not getting a response.
Could you please look into that tab?

Defender has a higher priority compared to EDR in most cases. You have to either:

  • Turn off Defender
  • Keep Defender but turn off real-time detection
  • Keep Defender but use EDR to only detect what Defender won't spot
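For a lab host where the EDR-Testing-Script is being run, the PowerShell below applies the second option from the reply above (keep Defender, turn off real-time detection) or, narrower, keeps real-time protection and excludes only the folder the test scripts live in, then verifies what actually took effect and can undo it. It is an added example, not code from this thread or from OpenEDR or Microsoft; the test-script folder path is an assumption, and it assumes Defender's Tamper Protection is off, because when it is on these cmdlets' changes are rejected.

```powershell
<#
  Added example, not from the thread or OpenEDR. Stops Defender pre-empting the EDR while
  the EDR-Testing-Script runs, following the options in the reply above.
  ASSUMPTIONS: the test scripts were cloned to $TestDir; Tamper Protection is off (when it is
  on, Set-MpPreference/Add-MpPreference changes are rejected and must be made in the Windows
  Security app or through management policy instead). Run elevated, on a lab machine only.
#>
param(
    [string]$TestDir = 'C:\Lab\EDR-Testing-Script',   # ASSUMPTION: where runtests.bat lives
    [switch]$DisableRealtime,                          # option 2 from the reply: no real-time detection
    [switch]$Restore                                   # undo either change
)

# Record the state before touching anything, so the change can be explained and reversed.
$status = Get-MpComputerStatus
"Before: AM service enabled=$($status.AMServiceEnabled)  real-time=$($status.RealTimeProtectionEnabled)  tamper-protected=$($status.IsTamperProtected)"
if ($status.IsTamperProtected) {
    Write-Warning 'Tamper Protection is on; Defender will reject the changes below.'
}

if ($Restore) {
    Set-MpPreference -DisableRealtimeMonitoring $false
    if ((Get-MpPreference).ExclusionPath -contains $TestDir) {
        Remove-MpPreference -ExclusionPath $TestDir
    }
}
elseif ($DisableRealtime) {
    # Option 2: Defender stays installed but stops scanning in real time, so the EDR
    # sees every step of the test script instead of Defender killing it first.
    Set-MpPreference -DisableRealtimeMonitoring $true
}
else {
    # Narrower than option 2: real-time protection stays on everywhere except files in the
    # test folder, which is enough to stop Defender quarantining the scripts themselves.
    Add-MpPreference -ExclusionPath $TestDir
}

# Verify the effective preference rather than trusting that the call succeeded.
$pref = Get-MpPreference
"After: real-time monitoring disabled=$($pref.DisableRealtimeMonitoring)"
"After: exclusion paths=$($pref.ExclusionPath -join ', ')"
```

Run it once with no switches for the exclusion, with -DisableRealtime for the reply's option 2, and with -Restore when the test is finished. Disabled real-time protection may be switched back on by Defender after a while, so re-check the "After" lines before each test run; an exclusion path only stops Defender scanning files under that folder, so behaviour that the scripts trigger elsewhere on the system can still be blocked, which is exactly what the third option in the reply relies on.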

For beginner users, do you have a video showing a full deployment in a Linux environment? It would be of great help for those of us who want to go deeper into the Linux CLI.

Thanks

Or an OVA appliance for VMware Workstation?

Hi guys,
We just released a whole new version on the Xcitium Platform (formerly known as Comodo)…
Looking for feedback on how EDR feels/deploys on this Xcitium Platform, please. (We hope the deployment is much easier than deploying your own ELK etc.) But we do need your feedback, please!

Thank you

Latest Video on how to deploy OpenEDR.