Hey all, we are trying to integrate fleet/orbit in...
# fleetr
Remington Winters
07/01/2021, 7:06 PMHey all, we are trying to integrate fleet/orbit into our existing MDR solution. Is there a way to send alerts from fleet? I didnt see anything in the documentation or config. Any help would be appreciated.
j
Jason
07/01/2021, 7:16 PMTypically you would pipe logs from fleet to your logging solution and alert on those (logs from query packs)
🙌🏽 1
🙌 1
r
Rachel Perkins
07/01/2021, 7:22 PMThanks Jason! As of now, there are no alerts in Fleet
Rachel Perkins
07/01/2021, 7:25 PMThis is probably the first alert feature that we're going to add. We would love any input to make our alerts more helpful https://github.com/fleetdm/fleet/issues/396
m
Mystery Incorporated
07/03/2021, 11:46 AMYes I do what Jason says about using another solution. I use logstash to soak up the osquery_results log into Elastic and I have Elastalert sending alerts to email and Teams. It works well you should try it.
2 Views