CDL and Rapid7 InsightIDR, new API method?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

CDL and Rapid7 InsightIDR, new API method?

L0 Member
3 REPLIES 3

L3 Networker

Hi Ssady1

 

I believe this document is not 100% correct. 

There is no method to get logs from CDL via API.  (You need to use syslog)

But if you have XDR Pro per TB license, You can reach out the data in CDL via XDR. If you dont have XDR Pro per TB license, You can only reach out endpoint related data which is in CDL via API. But still from XDR perspective this is not new API or method. 

If this is new method on the R7 side, I believe this question should be asked to r7 community. 

 

I hope that helps

 

 

L1 Bithead

I am trying to figure this out as well. I have another security vendors leveraging CDL API to gather logs but Rapid7IDR fails at this.

L3 Networker

If you would like to continuously get data from API, You should have enough Compute Unit. Otherwise, data'll not be completely fetched after consuming all free CU. 

You can check from settings how much you have and how your usage. 

  • 1981 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!