Sending process creation logs to SIEM

Is it possible to ship process creation - and other telemetry - from XDR/Central to SIEM?

CrowdStrike has an FDR feature to write telemetry to S3, allowing you to consume it within Splunk etc. MS Defender for Endpoint (MDE) has something similar with blob storage. I'm not sure how Carbon Black does it, but I know you can ingest their raw telemetry too.

I'm aware of https://github.com/sophos/Sophos-Central-SIEM-Integration but this doesn't appear to be actual telemetry, rather alerting, scan results, update results etc.



Added tags
[edited by: Gladys at 3:55 PM (GMT -7) on 15 Sep 2022]