Is it possible to forward logs to a SIEM like Qradar or Elasticsearch? #1663
Replies: 2 comments 1 reply
-
https://docs.velociraptor.app/blog/2019/2019-12-08-velociraptor-to-elasticsearch-3a9fc02c6568/
-
If Qradar has an API that we can use to push to, we can easily write an artifact for it. We have a Splunk artifact here: https://github.com/Velocidex/velociraptor/blob/master/artifacts/definitions/Splunk/Flows/Upload.yaml. It depends: if the API is a simple REST API, then we can support it with the http_client() VQL plugin, but if we need a special client library, we need to make a Go plugin for it. We currently do not have Qradar so we cannot test it - but we would love contributions, so if you want to have a go at it, jump on the Discord server and we can help you :-)
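The answer above describes the REST-API path: a server event artifact that watches for completed collections and pushes their results with the `http_client()` VQL plugin. The following artifact is an added illustration of that pattern and is not code from the Velociraptor project or from the commenter. The artifact name, the `CollectorURL` default, the `AuthToken` parameter and the JSON envelope it builds are assumptions; a real SIEM HTTP receiver will expect its own URL, authentication header and payload shape, so those three parts are what would be adapted per product.

```yaml
# Added example: generic HTTP forwarder for completed flow results.
# Not the project's own artifact; names and endpoint are placeholders.
name: Custom.Server.Forward.HTTP
description: |
  Server event artifact. Watches System.Flow.Completion and POSTs the
  results of each completed artifact as a JSON document to an HTTP
  collector endpoint. Only artifacts matching ArtifactNameRegex are sent.
type: SERVER_EVENT

parameters:
  - name: CollectorURL
    description: HTTPS endpoint of the SIEM's HTTP receiver (placeholder value).
    default: https://siem.example.internal/api/ingest
  - name: AuthToken
    description: Bearer token the collector expects (supplied at deploy time).
    type: string
  - name: ArtifactNameRegex
    description: Regex applied to the names of artifacts with results.
    default: "."

sources:
  - query: |
      -- One row per completed flow on the server.
      LET completions = SELECT ClientId, FlowId, Flow
        FROM watch_monitoring(artifact="System.Flow.Completion")
        WHERE Flow.artifacts_with_results =~ ArtifactNameRegex

      -- For every completed flow, and for every artifact inside it that
      -- produced rows, read those rows back and POST them as one JSON
      -- envelope. Content and Response come from http_client() so a
      -- non-2xx status is visible in the server monitoring log.
      SELECT * FROM foreach(row=completions,
        query={
          SELECT * FROM foreach(row=Flow.artifacts_with_results,
            query={
              SELECT _value AS Artifact, ClientId, FlowId, Response, Content
              FROM http_client(
                url=CollectorURL,
                method="POST",
                headers=dict(
                  `Content-Type`="application/json",
                  Authorization="Bearer " + AuthToken),
                data=serialize(format="json", item=dict(
                  source="velociraptor",
                  client_id=ClientId,
                  flow_id=FlowId,
                  artifact=_value,
                  rows={
                    SELECT * FROM source(
                      client_id=ClientId, flow_id=FlowId, artifact=_value)
                  })))
            })
        })
```

Deploying it means adding the artifact to the server, then enabling it under the server event monitoring configuration with a real `CollectorURL` and `AuthToken`. Because it runs on the server, the token never leaves the server host, and `ArtifactNameRegex` lets you restrict forwarding to the detection-relevant artifacts rather than shipping every collection.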
-
This would be really useful.