Question

Any recommendations or methods for centralized logging for both macOS and Windows devices?


Userlevel 2
Badge +2

Any recommendations or methods for centralized logging for both macOS and Windows devices? Looking at NXLog (which only covers macOS in the Enterprise Edition). Would ultimately be parsed through our SIEM; just having a deep search for the macOS part with conflicting info.



Userlevel 5
Badge +2

Consolidating other messages:

Filebeat or osquery with logstash https://osquery.readthedocs.io/en/stable/deployment/log-aggregation/



Sent via Slack Thread
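As an added example (not from the thread, and not osquery project code): once osqueryd is running on both platforms, the part that usually needs work before the SIEM sees anything useful is the results log. osqueryd writes one JSON object per line, in three shapes depending on the query and logger settings: an event-format differential row (`columns` plus an `action` of `added`/`removed`), a snapshot (a `snapshot` array holding every row of the result set), and a batch-format differential (`diffResults` with `added` and `removed` arrays). A Logstash filter or SIEM parser wants one flat event per row with the action preserved, which is what the script below produces. The hostnames, query names, decorations and column values in the sample lines are constructed for the example.

```python
"""Flatten osqueryd results-log lines into one event per row for SIEM ingestion.

Added example; not code from the forum thread or from the osquery project.
The three record shapes handled here are the ones osquery documents for its
results logger (event-format differential, snapshot, batch-format differential).
"""
import json
from typing import Any, Dict, List

# Constructed sample lines (hosts, query names and values are made up).
SAMPLE_LINES = [
    # 1. Event-format differential row from a macOS host: one row, one action.
    json.dumps({
        "name": "pack_incident-response_launchd",
        "hostIdentifier": "mac-01.example.internal",
        "calendarTime": "Wed Jul 15 10:01:02 2020 UTC",
        "unixTime": 1594807262, "epoch": 0, "counter": 3, "numerics": False,
        "decorations": {"host_uuid": "constructed-uuid", "platform": "darwin"},
        "columns": {"path": "/Library/LaunchDaemons/com.example.updater.plist",
                    "program": "/usr/local/bin/updater", "run_at_load": "1"},
        "action": "added",
    }),
    # 2. Snapshot query from a Windows host: the full result set every run.
    json.dumps({
        "snapshot": [
            {"name": "Sysmon64", "status": "RUNNING", "path": "C:\\Windows\\Sysmon64.exe"},
            {"name": "WinDefend", "status": "RUNNING", "path": "C:\\ProgramData\\MsMpEng.exe"},
        ],
        "action": "snapshot", "name": "services_snapshot",
        "hostIdentifier": "win-01.example.internal",
        "calendarTime": "Wed Jul 15 10:01:40 2020 UTC",
        "unixTime": 1594807300, "epoch": 0, "counter": 0, "numerics": False,
        "decorations": {"platform": "windows"},
    }),
    # 3. Batch-format differential: added and removed rows in one record.
    json.dumps({
        "diffResults": {
            "added": [{"name": "UpdaterSvc", "status": "RUNNING", "path": "C:\\Temp\\upd.exe"}],
            "removed": [{"name": "WinDefend", "status": "RUNNING", "path": "C:\\ProgramData\\MsMpEng.exe"}],
        },
        "name": "services", "hostIdentifier": "win-02.example.internal",
        "calendarTime": "Wed Jul 15 10:02:40 2020 UTC",
        "unixTime": 1594807360, "epoch": 0, "counter": 1, "numerics": False,
        "decorations": {"platform": "windows"},
    }),
]


def normalize(line: str) -> List[Dict[str, Any]]:
    """Return one flat event dict per result row contained in a results-log line."""
    rec = json.loads(line)
    base: Dict[str, Any] = {
        "query": rec["name"],
        "host": rec.get("hostIdentifier", ""),
        "ts": int(rec.get("unixTime", 0)),
    }
    # Decorations are per-host context osquery attaches to every record; keep them namespaced.
    for key, val in rec.get("decorations", {}).items():
        base["decoration." + key] = val

    if "columns" in rec:                       # event format: exactly one row per line
        batches = [(rec.get("action", "added"), [rec["columns"]])]
    elif "snapshot" in rec:                    # snapshot: every row, no add/remove semantics
        batches = [("snapshot", rec["snapshot"])]
    elif "diffResults" in rec:                 # batch format: added/removed arrays together
        batches = [(a, rec["diffResults"].get(a, [])) for a in ("added", "removed")]
    else:
        raise ValueError("unrecognized osquery results record: " + line[:80])

    events = []
    for action, rows in batches:
        for row in rows:
            ev = dict(base, action=action)
            ev.update({"columns." + k: v for k, v in row.items()})
            events.append(ev)
    return events


def events_from_log(lines: List[str]) -> List[Dict[str, Any]]:
    """Normalize a whole results log, skipping blank lines."""
    out: List[Dict[str, Any]] = []
    for line in lines:
        if line.strip():
            out.extend(normalize(line))
    return out


def removed_by_host(events: List[Dict[str, Any]]) -> Dict[str, List[str]]:
    """Group 'removed' rows by host: a service, launchd job or user that vanished is
    usually the event a SIEM rule wants, and it is easy to lose when only 'added' is indexed."""
    removed: Dict[str, List[str]] = {}
    for ev in events:
        if ev["action"] == "removed":
            label = ev["query"] + ":" + str(ev.get("columns.name", ev.get("columns.path", "?")))
            removed.setdefault(ev["host"], []).append(label)
    return removed


if __name__ == "__main__":
    for ev in events_from_log(SAMPLE_LINES):
        print(ev["host"], ev["action"], ev["query"], ev.get("columns.name", ev.get("columns.path")))
    print("removed:", removed_by_host(events_from_log(SAMPLE_LINES)))
```

The point of keeping `action` as its own field rather than dropping it is that the SIEM can then alert on `removed` rows (a defensive service disappearing) separately from `added` ones, and that snapshot rows are never confused with change events.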
Badge

Beats are starting to converge after Elastic's acquisition of Endgame.



Sent via Slack Thread
Badge

It's not there yet, but they are looking for one agent for metrics, logging, and endpoint security (EDR)



Sent via Slack Thread
Badge

one universal "agent" with different modules



Sent via Slack Thread
Badge

I think this is exactly why they are doing this



Sent via Slack Thread
Badge

https://www.elastic.co/blog/introducing-elastic-agent-and-ingest-manager



Sent via Slack Thread
Userlevel 2
Badge +2

These endpoints are going to have more agents than the FBI.



Sent via Slack Thread
Badge

it never ends



Sent via Slack Thread
Badge

hahah



Sent via Slack Thread
Badge

I know the feeling



Sent via Slack Thread
Userlevel 2
Badge +5

We also use metricbeat/elastic



Sent via Slack Thread
Userlevel 1
Badge +1

I'm a big fan of Rapid7's InsightIDR, but that's really more of a SIEM in and of itself, so likely overkill. I would look into osquery for sure.



Sent via Slack Thread
Userlevel 2
Badge +5

(we have rapid7 as well, I think my devsecops team just prefers elastic for some part of it)



Sent via Slack Thread