Hi,
It seems there are instructions only for compiling it with VS2019.
Since I'm not a programmer and don't have such wishes at the moment,
is there any compiled installation for self-hosted OpenEDR?
Thanks,
Shai.
Hi @shaiuzi, you can download the latest build from the link below.
You can also deploy UNLIMITED endpoints with next-gen EDR in no time via the OpenEDR platform. FOR FREE!
Just register from the link below:
https://openedr.platform.xcitium.com/register/
Hi Ilgaz,
Correct me please if I'm wrong,
but the v2.5.1.0 executables look like the agent side, not the self-hosted server install.
Is there any self-hosted server side, or just online management with registration needed?
You can follow steps 3 to 7 below to deploy the server side:
Hi Ilgaz,
So you are pointing me to what I have seen already:
"You should have Microsoft Visual Studio 2019 to build the code…"
So again, could someone share a compiled version for the server-side install (on Windows)?
Hi @shaiuzi, step 2 is building the EDR agent. For that step, yes, you need to have Microsoft Visual Studio 2019. What I wanted to say is that it is the only step that requires building the source code for the EDR agent. But you can download and use the already built version from the link below and skip step 2.
Steps 3 to 7 are related to the server side and setting up client-server communication, where you don't need to build anything but only download, install and configure the related components to fire up your own OpenEDR instance.
Yes, I have seen those compiled agents already.
But where can I find the installation of the server hosting side,
for building the system? I want an on-prem installation, not to use the online interface.
Hi @shaiuzi, OpenEDR is a single agent that can be installed on Windows endpoints. It generates extensible telemetry data for overall security-relevant events. The telemetry data is stored locally on the endpoint itself. You can use any log streaming solution and analysis platform. The installation guide allows you to easily deploy remote streaming and analysis via open source tools like the Elasticsearch ELK stack and Filebeat.
1- Logstash: Logstash is an open-source data ingestion tool that allows you to collect data from a variety of sources, transform it, and send it to your desired destination. With pre-built filters and support for over 200 plugins, Logstash allows users to easily ingest data regardless of the data source or type. We used Logstash to simplify our output to Elasticsearch, for more understandable logs that are easily accessible to everyone who uses OpenEDR.
2- Elasticsearch: There are multiple options to run Elasticsearch; you can either install and run it on your own machine or in your data center, or use the Elasticsearch service on public cloud providers like AWS and GCP. If you want to run Elasticsearch yourself, you can refer to the installation instructions for various platforms here: Installing Elasticsearch | Elasticsearch Guide [8.11] | Elastic
3- Kibana: Kibana is a UI-based monitoring system. The Logstash and Elasticsearch environment can handle most logging systems, such as OpenEDR.
The above triple is widely known as the ELK stack (Elasticsearch, Logstash, Kibana). You can get the pre-configured package at GitHub - deviantony/docker-elk: The Elastic stack (ELK) powered by Docker and Compose. Also, you can configure your system yourself; the defaults also work, but less securely. Please check https://github.com/deviantony/docker-elk/blob/main/README.md for further information on configuration details. If you choose to deploy the pre-configured ELK stack package above, you will first need to install Docker in your environment.
https://github.com/ComodoSecurity/openedr/blob/main/getting-started/DockerInstallation.md
4- Filebeat: Filebeat is a very good option to transfer OpenEDR outputs to Elasticsearch; you need to install Filebeat on each system you want to monitor. Overall instructions for it can be found here: Filebeat quick start: installation and configuration | Filebeat Reference [8.11] | Elastic
We don't have OpenEDR Filebeat modules yet, so you need to configure a custom input option for Filebeat: Configure inputs | Filebeat Reference [8.11] | Elastic
5- Editing Alert Policies: The agent uses a network driver, a file driver, and DLL injection to capture events that occur on the endpoint. It enriches the event data with various information, then filters these events according to the policy rules and sends them to the server.
You can customize the policy with your own. Within the installation folder, which is "C:\Program Files\Comodo\EdrAgentV2", the policy file is called "evm.local.src".
For the OpenEDR platform's suggested rules, please check the rule repo: GitHub - ComodoSecurity/OpenEDRRules
You can edit this file with any text editor and customize your own policy accordingly, following the instructions given in the guide below:
https://github.com/ComodoSecurity/openedr/blob/main/getting-started/EditingAlertingPolicies.md
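A worked Filebeat configuration for step 4 above (a custom input, since no OpenEDR Filebeat module exists), added here as an example; it is not from the post or from the OpenEDR project. The agent's telemetry path, the newline-delimited JSON format, the Logstash hostname and the certificate paths are assumptions or placeholders to replace with your own values.

```yaml
# filebeat.yml (added example, not OpenEDR project code): ship the agent's
# locally stored telemetry to the ELK stack described above through Logstash.
filebeat.inputs:
  - type: filestream
    id: openedr-telemetry
    enabled: true
    # ASSUMPTION/PLACEHOLDER: the directory and file pattern the agent writes
    # its telemetry to; take the real path from the agent on your endpoint.
    paths:
      - 'C:\PLACEHOLDER\OpenEDR\telemetry\*.log'
    # ASSUMPTION: one JSON event per line. Remove this parser if the agent
    # output is plain text and parse it in a Logstash filter instead.
    parsers:
      - ndjson:
          target: ""
          add_error_key: true
    # Tag events so Logstash and Kibana can separate OpenEDR data from other
    # sources sharing the same pipeline.
    tags: ["openedr"]

# Send to Logstash rather than straight to Elasticsearch so fields can be
# normalised before indexing. The docker-elk stack linked above listens for
# Beats on TCP 5044 by default; adjust the host and port to your deployment.
output.logstash:
  hosts: ["logstash.example.internal:5044"]   # PLACEHOLDER host
  # Encrypt endpoint-to-server transport and pin the CA so telemetry cannot
  # be read or redirected on the wire. PLACEHOLDER certificate path.
  ssl.enabled: true
  ssl.certificate_authorities: ['C:\PLACEHOLDER\certs\ca.crt']
  ssl.verification_mode: full

# Keep Filebeat's own log on disk so a stalled shipper is visible during
# troubleshooting or incident response.
logging.level: info
logging.to_files: true
```

Validate the file with `filebeat test config` and the connection with `filebeat test output` before enabling the service on the endpoint.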
Hi, I have the same question here… Basically, in the answer, you are suggesting that we use the online platform, right?
So, there is no on-prem for OpenEDR?