Logon Events for Linux

If I want to capture Logon events from a Linux system, along with also monitoring the same system with an endpoint agent, do I need to deploy both an endpoint agent and a file adapter to get the log files as well?

If I do, will that result in two licenses being used for a single system?

Correct, right now you would need an Adapter to get the realtime logs from the box. That being said, it will NOT count as another “license” (EDR Quota) since adapters are billed per GB ingested (which includes the 1 year of retention) at $0.20 per GB.

Do you think it’s likely that the adapter and EDR agent could be combined in the future?

I like the agent for doing a lot of other automation and detections, but I really want the logs as well... Having two agents on endpoints is often a hard sell for a lot of customers.

Yep, that’s in our plan.

To be clear, this is already supported by macOS and Windows (not the adapter included, but the Windows Event Logs and Mac Unified Logs stream with just the EDR). Just making sure we’re talking about the same thing.

Nice, that’s excellent news.

Yeah, I’d initially assumed Linux was similar to the Windows implementation.
