Swiftyyyy
Advisor

Endpoint & Elastic DB

Hello everyone!

We've been aware of the possibility to push raw forensic data to an ELK stack for a little while now (through a sales representative meeting), but I've been unable to find any documentation on the topic.

Has anyone actually implemented this and do you find it at all useful?
We manage a number of environments and a good number of them use On-Prem Endpoint servers meaning we lack access to Threat Hunting. Being able to pipe these datasets into a database would potentially be a very good stopgap measure between something more official on the EDR front for On-Prem managed devices.

I ask because in the E86.50 agent release notes this functionality is explicitly mentioned.

Enterprise Endpoint Security E86.50 Windows Clients (checkpoint.com)

AHTP-24628: Forensics data can now be sent from the Endpoint's client computer directly to a local Elastic DB.
0 Replies
