https://community.checkpoint.com/t5/Endpoint/Endpoint-amp-Elastic-DB/m-p/151709#M5799 <P>Hello everyone!<BR /><BR />We've been aware of the possibility to push raw forensic data to an ELK stack for a little while now (through a sales representative meeting), but I've been unable to find any documentation on the topic.</P><P>Has anyone actually implemented this and do you find it at all useful?<BR />We manage a number of environments and a good number of them use On-Prem Endpoint servers meaning we lack access to Threat Hunting. Being able to pipe these datasets into a database would potentially be a very good stopgap measure between something more official on the EDR front for On-Prem managed devices.</P><P>I ask because in the E86.50 agent release notes this functionality is explicitly mentioned.</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk179044" target="_blank" rel="noopener">Enterprise Endpoint Security E86.50 Windows Clients (checkpoint.com)</A></P><TABLE border="1" width="100%" cellspacing="2" cellpadding="4"><TBODY><TR><TD>AHTP-24628</TD><TD>Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.</TD></TR></TBODY></TABLE> Fri, 24 Jun 2022 10:16:17 GMT Swiftyyyy 2022-06-24T10:16:17Z https://community.checkpoint.com/t5/Endpoint/Endpoint-amp-Elastic-DB/m-p/151709#M5799 <P>Hello everyone!<BR /><BR />We've been aware of the possibility to push raw forensic data to an ELK stack for a little while now (through a sales representative meeting), but I've been unable to find any documentation on the topic.</P><P>Has anyone actually implemented this and do you find it at all useful?<BR />We manage a number of environments and a good number of them use On-Prem Endpoint servers meaning we lack access to Threat Hunting. Being able to pipe these datasets into a database would potentially be a very good stopgap measure between something more official on the EDR front for On-Prem managed devices.</P><P>I ask because in the E86.50 agent release notes this functionality is explicitly mentioned.</P><P><A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk179044" target="_blank" rel="noopener">Enterprise Endpoint Security E86.50 Windows Clients (checkpoint.com)</A></P><TABLE border="1" width="100%" cellspacing="2" cellpadding="4"><TBODY><TR><TD>AHTP-24628</TD><TD>Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.</TD></TR></TBODY></TABLE> Fri, 24 Jun 2022 10:16:17 GMT https://community.checkpoint.com/t5/Endpoint/Endpoint-amp-Elastic-DB/m-p/151709#M5799 Swiftyyyy 2022-06-24T10:16:17Z