Security Onion vs VMware Carbon Black Response

[udi-mosh]

Hi All,
i am familiar with VMware Carbon Black Response and i have installed SO and i am trying to understand if SO have the same capabilities that CBR has and what i am interested in most is the details CBR holds regarding processes and the command line or executions they make which i find very useful.
i have uploaded a screenshot from CBR which indicates what information i can get from the agents and i would appreciate if someone can confirm what does exist in SO

Thanks,
Udi

[subs1138]

Are you using the Carbon Black Event Forwarder? If so then the list is on the web page.
https://docs.elastic.co/en/integrations/carbonblack_edr

Alternatively your server should take anything and dump the info into a message field which you would then write GROK parsers for, but the CB Event Forwarder should make it easy.

[udi-mosh]

Hi, I am not using the forwarder. I am looking to replace cb with so and i wanted to know if the info i get with so elastic agent is equivalent to what i get with cb as described in the thread. בתאריך יום ב׳, 11 במרץ 2024, 21:09, מאת subs1138 ***@***.***

…

: Are you using the Carbon Black Event Forwarder? If so then the list is on the web page. https://docs.elastic.co/en/integrations/carbonblack_edr Alternatively your server should take anything and dump the info into a message field which you would then write GROK parsers for, but the CB Event Forwarder should make it easy. — Reply to this email directly, view it on GitHub <#12550 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2J4ND7WWV3G6FC5QKU6NOTYXYFO3AVCNFSM6AAAAABEP2SETOVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM4DONJQGM4DO> . You are receiving this because you authored the thread.Message ID: <Security-Onion-Solutions/securityonion/repo-discussions/12550/comments/8750387 @github.com>

[dougburks]

You can see some of the features of Elastic Agent in the Elastic docs:
https://docs.elastic.co/en/integrations/endpoint

[udi-mosh]

looks promising...