Is it possible to ship process creation - and other telemetry - from XDR/Central to SIEM?
CrowdStrike has an FDR feature to write telemetry to S3, allowing you to consume it within Splunk etc. MS Defender for Endpoint (MDE) has something similar with blob storage. I'm not sure how Carbon Black does it, but I know you can ingest their raw telemetry too.
I'm aware of https://github.com/sophos/Sophos-Central-SIEM-Integration but this doesn't appear to be actual telemetry, rather alerting, scan results, update results etc.
This thread was automatically locked due to age.