Open EDR - ELK Discussion

ELK deployment and guideline for Open EDR

Open to ideas as to best ways, please go ahead and suggest.

What is the current process of pushing to ELK? Do I need to install beats?

Yes, it is required. Tomorrow we are going to push all necessary instructions on the GitHub.


Where can I find the details about the baseEventType, baseType, eventType values? I installed and looked at the logs generated. I found baseEventType values 16, 20, 18, 8, 7 but am not sure about the meanings. Is there any document provided for that enum?

Please first refer here : https://blog.comodo.com/endpoint-security/what-is-comodo-dragon-platforms-adaptive-event-modeling-and-why-its-better-than-crowdstrikes/

The enum and mappings are in the source code as of now; I will expose them in some docs soon.



Thank you very much @ozer. I will look into it.

I am unable to find any relevant deployment guide for OpenEDR. Can you please point me to the correct guide?

Hi Moosa

You can find installation instructions on https://github.com/ComodoSecurity/openedr . For quick start you can email quick-start@openedr.com or sign up yourself for the free edition at https://enterprise.platform.comodo.com/signup . All relevant help guides are located here: https://help.comodo.com/product-463-Dragon-Enterprise.html

Hi all!

Can someone share a Filebeat.yml configuration for OpenEDR input? For some reason I cannot decode the JSON correctly :frowning:
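A minimal Filebeat configuration that parses one JSON event per line and ships it to Elasticsearch, added here as an illustration and not taken from the OpenEDR project or from anyone in this thread. The log path, the Elasticsearch host and the index name are placeholders; the OpenEDR event file location on your agent must be substituted. It uses the standard `filestream` input with the `ndjson` parser, so each event's fields (for example `baseEventType`) land as top-level document fields instead of inside a single `message` string, and a decode failure is recorded in an error key rather than silently dropping the event.

```yaml
# Added example: Filebeat (7.16+ / 8.x) reading newline-delimited JSON events.
filebeat.inputs:
  - type: filestream
    id: openedr-events
    enabled: true
    paths:
      - /PLACEHOLDER/path/to/openedr/events/*.log   # assumption: replace with the real agent log path
    parsers:
      - ndjson:
          target: ""              # put decoded fields at the document root
          overwrite_keys: true    # let event fields win over Beats defaults (e.g. "message")
          add_error_key: true     # on bad JSON, keep the line and add an "error.message" field
          expand_keys: true       # turn dotted keys like "a.b" into nested objects

# Keep only events that decoded cleanly; undecodable lines are tagged for triage.
processors:
  - add_tags:
      when:
        has_fields: ["error.message"]
      tags: ["json_decode_failed"]

output.elasticsearch:
  hosts: ["http://localhost:9200"]          # assumption: your ELK endpoint
  index: "openedr-%{[agent.version]}-%{+yyyy.MM.dd}"

# A custom index name requires matching template settings.
setup.template.name: "openedr"
setup.template.pattern: "openedr-*"
setup.ilm.enabled: false
```

Run `filebeat test config -c filebeat.yml` and `filebeat test output -c filebeat.yml` before starting the service; the first confirms the YAML is syntactically valid, the second confirms the Elasticsearch connection. Lines that are not valid JSON (an in-progress write, a truncated file) will show up in Kibana with the `json_decode_failed` tag, which is usually the quickest way to see whether the source file is really one object per line.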