Integration of OpenEDR With SD wan

mmghost · April 12, 2023, 9:21am

Hello am willing to know and have some advice about how to integrate my openedr with a next generation firewall sd-wan using python so if someone can help me i will be so thankfull

nivedithab · April 12, 2023, 9:26am

Hi @mmghost

I shall get back to you on the queries with respective response.

Thank you for writing to us.

ilgaz · April 12, 2023, 10:48am

hi @mmghost ,

Could you please describe your usecase in detail?

mmghost · April 12, 2023, 11:37am

I’m working on a project that needs an integration between OpenEDR as a main EDR and the sd-wan of the company am working with using their APIs and python as a language of programming for integration I want to know if it is possible to reach this integration ? or maybe turn to another solution to be on target and thank you in advance (I’ll use the on-premise version of openedr wich is explained in comodo Github)

ilgaz · April 12, 2023, 12:23pm

so as I understand, you want to fetch all logs from sd-wan network, is that correct?

mmghost · April 12, 2023, 12:51pm

yes i want to fetch all logs from the sd-wan network then i want to have only one plateform that display the state of openedr and sd-wan using their APIs if it’s possible

mmghost · April 24, 2023, 1:06pm

Please any help!!!

nivedithab · April 24, 2023, 1:30pm

Hi @mmghost

I shall check with the team and get back to you on the queries with respective response.

Thank you for writing to us.

ilgaz · April 26, 2023, 11:22am

Hello @mmghost ,

I see that you are using Open EDR platform. You can accomplish log forwarding from sd-wan infrastructure using Xcitium Sensor. This way you will have visibility on those logs. However, Xcitium Sensor is part of Xcitium Complete (XDR) package, which is a paid product. If you are interested, please drop an email to sales@xcitium.com and one of Xcitium’s sales agent will contact you as soon as possible to discuss the details.

Another option would be to use open source (on premise) version (you can download the latest build from here). Then you can forward the logs from sd-wan to your Elastic instance and visualize on Kibana.
Please find the guideline on how to deploy open source EDR on your own instance below.

github.com

ComodoSecurity/openedr/blob/main/README.md

# OpenEDR 
[![OpenEDR](https://techtalk.comodo.com/wp-content/uploads/2020/09/logo_small.jpg)](https://openedr.com/)
[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://openedr.com/register/) [![Email](https://img.shields.io/badge/email-join-blue.svg)](mailto:register@openedr.com)

[![OpenEDR - Getting Started](https://techtalk.comodo.com/wp-content/uploads/2022/10/Screenshot_3.jpg)](https://www.youtube.com/watch?v=lfo_fyinvYs "OpenEDR - Getting Started")    

We at OpenEDR believe in creating a cybersecurity platform with its source code openly available to the public,  where products and services can be provisioned and managed together. EDR is our starting point.
OpenEDR is a full-blown EDR capability. It is one of the most sophisticated, effective EDR code base in the world and with the community’s help, it will become even better.

OpenEDR is free and its source code is open to the public. OpenEDR allows you to analyze what’s happening across your entire environment at the base-security-event level. This granularity enables accurate root-causes analysis needed for faster and more effective remediation. Proven to be the best way to convey this type of information, process hierarchy tracking provides more than just data, they offer actionable knowledge. It collects all the details on endpoints, hashes, and base and advanced events. You get detailed file and device trajectory information and can navigate single events to uncover a larger issue that may be compromising your system.

OpenEDR’s security architecture simplifies *breach detection, protection, and visibility* by working for all threat vectors without requiring any other agent or solution. The agent records all telemetry information locally and then will send the data to locally hosted or cloud-hosted ElasticSearch deployments. Real-time visibility and continuous analysis are vital elements of the entire endpoint security concept. OpenEDR enables you to perform analysis into what's happening across your environment at base event level granularity. This allows accurate root cause analysis leading to better remediation of your compromises. Integrated Security Architecture of OpenEDR delivers Full Attack Vector Visibility including MITRE Framework. 

## Quick Start
The community response to OpenEDR has been absolutely amazing! Thank you. We had a lot of requests from people who want to deploy and use OpenEDR easily and quickly. We have a roadmap to achieve all these. However in the meanwhile, we have decided to use the Comodo Dragon Enterprise platform with OpenEDR to achieve that. By simply opening an account, you will be able to use OpenEDR. No custom installation, no log forwarding configuration, or worrying about storing telemetry data. All of that is handled by the Comodo Dragon Platform. This is only a short-term solution until all the easy-to-use packages for OpenEDR is finalized. In the meanwhile do take advantage of this by emailing quick-start@openedr.com to get you up and running!


## Components
The Open EDR consists of the following components:

This file has been truncated. show original

mmghost · April 26, 2023, 12:07pm

Ok thank you for the answer but I want to know if deploying the elk stack will display the dashboarding only on kibana or there is another alternative and I read in this forum that the edr agent is only compatible with windows which is edrav2 (in the build)!!