@ Taggart :donor:
2025-02-23 05:07:04
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqy89x53fpk4rax7fj0yuxy0ydtq4v2rfj6esyw6ahvq6azeqcl28qfeahud In addition to network telemetry, you may also want to consider collecting endpoint data from your hosts. The Elastic Agent can use the Defend integration to turn it into a reasonable EDR tool.
https://www.elastic.co/guide/en/security/current/endpoint-security-elastic-defend.html
This is a solid starting point for building visibility in the environment. But be aware that collecting Zeek and endpoint data from hosts will require rather a lot of storage for any reasonable amount of retention.