02-03-2023 07:04 AM
Is anyone using the "new API method" R7 references?
https://docs.rapid7.com/insightidr/palo-alto-cortex-data-lake/#New-API-Collection-Method-now-availab...
02-07-2023 03:02 AM
Hi Ssady1
I believe this document is not 100% correct.
There is no method to get logs from CDL via API. (You need to use syslog)
But if you have an XDR Pro per TB license, you can reach the data in CDL via XDR. If you don't have an XDR Pro per TB license, you can only reach endpoint-related data which is in CDL via API. But still, from the XDR perspective this is not a new API or method.
If this is a new method on the R7 side, I believe this question should be asked to the R7 community.
I hope that helps
02-07-2023 05:04 AM
I am trying to figure this out as well. I have other security vendors leveraging the CDL API to gather logs, but Rapid7IDR fails at this.
02-07-2023 08:39 AM
If you would like to continuously get data from the API, you should have enough Compute Units. Otherwise, data will not be completely fetched after consuming all free CU.
You can check from settings how much you have and what your usage is.