HarfangLab is an Endpoint detection and response (EDR) solution certified by ANSSI since 2020.
This setup guide will show you how to forward events produced by HarfangLab EDR to SEKOIA.IO.
These changes have to be made from your HarfangLab instance web portal (provided by HarfangLab).
HarfangLab EDR logs
First, navigate to Personal Settings and, under Api token, get your token or generate a new one.
Then navigate to Administration > Configuration and switch to the Syslog connector panel. Select the logs you want to export:
- Event log
- Remote thread
- Security Event
Configure the syslog information with the following details:
- App name: name of your choice
- Source host: name of your choice
- Structured data:
In the Structured data field above, replace the YOUR_INTAKE_KEY variable with your intake key generated in SEKOIA.IO.
Finally, select TCP/SSL and leave the other options at their defaults.
Enjoy your events
Once the configuration has been done on the Sekoia side, you can go to the events page to watch your incoming events.