How to forward logs from OpenEDR externally


hi @hzoutlook , could you please share your usecase so that I can fully understand your aim?

Like, I’d like to have an external SIEM ingest the logs from the OpenEDR.

OpenEDR platform already has a built-in SIEM where you can see all logs that are pushed from EDR agent.

Does this imply that there is no way to forward logs externally from OpenEDR? We have a use case to display these logs in another SIEM, Stellar Cyber. We can build the integration, we just need instructions on how to forward, log samples so we can build a parser, and a good understanding of what each of the fields in the log are.

You can export the logs from endpoints directly. Here is the documentation for that using FileBeat: openedr/getting-started/SettingFileBeat.md at main · ComodoSecurity/openedr · GitHub

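To make the Filebeat route in the answer above concrete, here is an added example of a minimal `filebeat.yml` that ships an agent's log file to an external collector over TLS. It is not from the linked OpenEDR documentation and not the project's own config: the log path, the collector hostname and port, and the CA file path are placeholders you replace with the values from the OpenEDR guide and your SIEM's ingestion endpoint.

```yaml
# Added example, not the OpenEDR project's own configuration.
# Replace every PLACEHOLDER with the value from the OpenEDR Filebeat guide
# and your SIEM's collector settings.

filebeat.inputs:
  - type: filestream
    id: openedr-agent-log          # assumed input id, any unique string works
    enabled: true
    paths:
      - /PLACEHOLDER/path/to/openedr/agent/*.log   # log path from the OpenEDR guide
    # Keep the raw line intact so the SIEM-side parser sees the original event
    parsers:
      - ndjson:
          target: ""              # merge JSON fields at top level (if logs are JSON)
          add_error_key: true     # surfaces parse failures instead of dropping them silently
    fields:
      source_product: openedr     # static tag so the SIEM can route/parse by product
    fields_under_root: true

processors:
  - add_host_metadata: ~          # hostname/OS/IP of the endpoint, useful for correlation

# Ship to an external collector that speaks the Beats (Lumberjack) protocol,
# e.g. a Logstash instance in front of the SIEM. Hostname/port are placeholders.
output.logstash:
  hosts: ["collector.PLACEHOLDER.example:5044"]
  ssl:
    enabled: true
    certificate_authorities: ["/etc/filebeat/certs/PLACEHOLDER-ca.pem"]
    verification_mode: full       # verify the collector's certificate, do not disable this

logging:
  level: info
  to_files: true
```

Two things worth checking before relying on it: run `filebeat test config -c filebeat.yml` and `filebeat test output -c filebeat.yml` on one endpoint to confirm the file is valid and the TLS connection to the collector succeeds, and capture a handful of forwarded events at the collector so the field names in them can be matched against the OpenEDR documentation when writing the downstream parser.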

I assume if it’s locally hosted you can export what you want from Elastic, correct?