Ingest Logs from BeyondTrust Privilege Management Cloud
Extend Cortex® XDR™ visibility into logs from BeyondTrust
Privilege Management Cloud.
Ingesting logs and data requires a Cortex XDR Pro per TB license.
If you use BeyondTrust Privilege Management Cloud, you can take advantage of Cortex® XDR™ investigation and detection capabilities by forwarding your logs to Cortex XDR. This enables Cortex XDR to help you expand visibility into computer activity and authorization requests in the organization, correlate and detect access violations, and query BeyondTrust Endpoint Privilege Management logs using XQL Search. As soon as Cortex XDR starts to receive logs, you can analyze them in XQL Search and create new Correlation Rules based on them.
To integrate your logs, you first need to configure SIEM settings and an AWS S3 bucket according to the specific requirements provided by BeyondTrust. You can then configure data collection in Cortex XDR by configuring an Amazon S3 data collector for a generic log type using the Beyondtrust Cloud ECS format.
Before you begin configuring data collection, verify that you are using BeyondTrust Privilege Management Cloud version 21.6.339 or later.
Configure BeyondTrust Privilege Management Cloud collection in Cortex XDR.