ELK deployment and guideline for Open EDR Security
Open to ideas as to best ways, please go ahead and suggest.
What is the current process of pushing to ELK? Do I need to install beats?
Yes, it is required; tomorrow we are going to push all necessary instructions to the GitHub repo.
Where can I find the details about the baseEventType, baseType and eventType values? I installed it and looked at the logs generated. I found baseEventType values 16, 20, 18, 8, 7 but am not sure about their meanings. Is there any document provided for that enum?
Please first refer here: https://blog.comodo.com/endpoint-security/what-is-comodo-dragon-platforms-adaptive-event-modeling-and-why-its-better-than-crowdstrikes/
The enum and mappings are in the source code as of now; I will expose them in some docs soon.
I am unable to find any relevant deployment guide for OpenEDR. Can you please point me to the correct guide?
Hi Moosa
You can find installation instructions on https://github.com/ComodoSecurity/openedr . For a quick start you can email quick-start@openedr.com or sign up yourself for the free edition at https://enterprise.platform.comodo.com/signup . All relevant help guides are located here: https://help.comodo.com/product-463-Dragon-Enterprise.html
Hi all!
Can someone share a filebeat.yml configuration for OpenEDR input? For some reason I cannot decode the JSON correctly.
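Below is an added example of a Filebeat configuration for shipping newline-delimited JSON events into Elasticsearch; it is not from the OpenEDR project or from anyone in this thread. It assumes the agent writes one JSON object per line (as the baseEventType/baseType/eventType fields seen in the logs suggest) and the log path, Elasticsearch host, credentials and CA file are placeholders you must replace with your own. The json.* options are real Filebeat settings; json.add_error_key in particular is what makes decode failures visible instead of silent.

```yaml
# filebeat.yml - added example, not OpenEDR's own configuration.
filebeat.inputs:
  - type: log
    enabled: true
    # ASSUMPTION: location of the OpenEDR event log. Replace with the real path
    # (on a Windows host this will be a C:\... path in the same list form).
    paths:
      - /var/log/openedr/*.log
    # If the agent writes UTF-16 (common for Windows services) the JSON decoder
    # sees garbage; uncomment and match the actual file encoding.
    # encoding: utf-16le
    # Each line is assumed to be a complete JSON object: parse it at the input.
    json.keys_under_root: true     # put baseEventType, eventType, ... at top level
    json.overwrite_keys: true      # let the event's own @timestamp/host win
    json.add_error_key: true       # on failure, adds error.message instead of dropping silently
    fields:
      source: openedr              # tag for filtering in Kibana
    fields_under_root: true

processors:
  - add_host_metadata: ~

output.elasticsearch:
  # ASSUMPTION: placeholder host, user and CA; use TLS and a dedicated writer account.
  hosts: ["https://elasticsearch.example.internal:9200"]
  username: "filebeat_writer"
  password: "${ES_PASSWORD}"        # read from the Filebeat keystore, not stored in plain text
  ssl.certificate_authorities: ["/etc/filebeat/ca.crt"]
  index: "openedr-%{+yyyy.MM.dd}"

# A custom index name requires matching template settings.
setup.template.name: "openedr"
setup.template.pattern: "openedr-*"
setup.ilm.enabled: false
```

Run `filebeat test config -c filebeat.yml` and `filebeat test output -c filebeat.yml` before starting the service. If events arrive with an error.message field instead of decoded keys, the line was not valid standalone JSON: check for a file encoding mismatch or for multi-line objects, in which case add a multiline.* setting (or switch to the decode_json_fields processor on the message field) rather than the inline json.* options.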
New version is out guys.
Please please please provide your feedback.
We have now removed all the third-party code (that required some licenses); the open source is fully third-party license free!! (Hurray!)…