How to forwarder logs from openedr externally

hzoutlook · January 8, 2024, 12:48am

how to forwarder logs from openedr externally

ilgaz · January 8, 2024, 9:18am

hi @hzoutlook , could you please share your usecase so that I can fully understand your aim?

hzoutlook · January 8, 2024, 12:07pm

Like I’d like to have external SIEM to injest the logs from the openEDR.

ilgaz · January 10, 2024, 10:09am

OpenEDR platform already has a built-in SIEM where you can see all logs that are pushed from EDR agent.

abrenden · April 15, 2024, 6:18pm

Does this imply that there is no way to forward logs externally from OpenEDR? We have a use case to display these logs in another SIEM, Stellar Cyber. We can build the integration, we just need instructions on how to forward, log samples so we can build a parser, and a good understanding of what each of the fields in the log are.

ozer · April 16, 2024, 1:28pm

You can export the logs from endpoints directly. Here is the documentation for that using FileBeat: openedr/getting-started/SettingFileBeat.md at main · ComodoSecurity/openedr · GitHub