Hi
Has anyone been able to collect their hypervisor syslog into IDR? I am unable to find anything in the R7 IDR documentation.
ESXi can forward syslogs to your collector. I would recommend setting this up with a generic syslog collection and then parse out the logs you are wanting.
Thanks.
Not sure why IDR doesn’t have native parsers for this and detection rules… I am only seeing (2) ESX detection rules.
They do not; you have to parse it and create custom detection rules in order to cover your use cases. Really painstaking work!
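As an added illustration of the "collect generically, then parse and write your own rules" approach described in the two replies above (this is example code, not from Rapid7 IDR or anyone in the thread): a small Python parser for ESXi-style syslog lines feeding two hypothetical custom rules. The sample lines, host name, rule names and event wording are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample lines in the shape ESXi uses when forwarding syslog:
# <PRI>TIMESTAMP HOSTNAME APP: MESSAGE. Not captured from a real host.
SAMPLE_LINES = [
    "<166>2024-03-01T10:15:22Z esxi01.lab.example Hostd: info hostd[2099701] "
    "[Originator@6876 sub=Vimsvc.ha-eventmgr] Event 512 : User root@10.0.0.5 "
    "logged in as VMware-client/8.0.0",
    "<166>2024-03-01T10:16:03Z esxi01.lab.example Hostd: info hostd[2099701] "
    "[Originator@6876 sub=Vimsvc.ha-eventmgr] Event 513 : SSH access has been enabled.",
    "<166>2024-03-01T10:17:40Z esxi01.lab.example vmkernel: cpu3:2097210)ScsiDeviceIO: ...",
    "this is not a syslog line",
]

# Tolerates an optional RFC 5424 version digit after the PRI field.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?:1 )?(?P<ts>\d{4}-\d{2}-\d{2}T[^ ]+) "
    r"(?P<host>\S+) (?P<app>[^\s:]+):? (?P<msg>.*)$"
)

@dataclass
class EsxiEvent:
    facility: int   # PRI // 8
    severity: int   # PRI % 8 (0 = emergency ... 7 = debug)
    timestamp: str
    host: str
    app: str
    message: str

def parse_esxi_syslog(line: str) -> Optional[EsxiEvent]:
    """Return a structured event, or None for lines that are not syslog-shaped."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # keep junk out of the detection path instead of crashing on it
    pri = int(m["pri"])
    return EsxiEvent(pri // 8, pri % 8, m["ts"], m["host"], m["app"], m["msg"])

# Hypothetical custom rules of the kind the thread says you must write yourself.
RULES = [
    ("esxi_ssh_enabled", re.compile(r"SSH .*enabled", re.I)),
    ("esxi_user_login", re.compile(r"User (?P<user>\S+)@(?P<src>[\d.]+) logged in")),
]

def run_rules(lines):
    """Apply RULES to the hostd messages in `lines`; return one alert dict per hit."""
    alerts = []
    for line in lines:
        ev = parse_esxi_syslog(line)
        if ev is None or ev.app != "Hostd":
            continue  # only hostd carries the management-plane events these rules want
        for name, rx in RULES:
            hit = rx.search(ev.message)
            if hit:
                alerts.append({"rule": name, "host": ev.host, "ts": ev.timestamp, **hit.groupdict()})
    return alerts
```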
Bummer