Security Endpoint 排程自動發送 raw log 方法

willy-liu · ‎09-26-2024

想要詢問:因為Cisco EndPoint Dashboard 只能儲存30天的log資訊,但因為稽核或是種種因素,需要更長時間的去留存這些log,所以變成都要一直手動趁30天內一直重複去收集下載這些Raw data , 有沒有什麼方式可以設定排程自動定期寄送這些RAW log的方法呢??

Matthew Franks · ‎09-27-2024

Depending on what data you're collecting, you can use the API to pull information or use an Event Stream.

https://developer.cisco.com/docs/secure-endpoint/

Thanks,

Matt

willy-liu · ‎09-27-2024

Hi Matthew Franks,

I want collect the all event data , " Event >> export to csv

is it possible to use API to schedule and auotmation ??

willy-liu · ‎09-27-2024

Hi Matthew Franks,

I want collect the all event data , " Event >> export to csv

is it possible to use API to schedule and auotmation ??

Matthew Franks · ‎09-27-2024

There is no automation to pull the CSV but a script could be written to use the /v1/computers API call to pull all computers from a business.
https://developer.cisco.com/docs/secure-endpoint/v1-api-reference-computer/

-Matt

Matthew Franks · ‎09-27-2024

I had some free time so I wrote a script that should work. You can use this for your automation if you have a way to run it periodically.

https://github.com/mafranks/export_computers

Hope that helps!

Thanks,

Matt

willy-liu · ‎09-30-2024

Hi

Matthew Franks · ‎09-30-2024

First, look to see if there are any errors in the console. You can also add print statements to the python code to see where it is having an error. Most likely are authentication issues.

-Matt