Pulling the raw logs related to alerts or events

Greetings,

Is there a way to easily pull the raw log data associated with an event or alert? It definitely seems to be correlating the log data to the Alerts and Notable Behaviors, so one would think this would be possible, but we are having issues trying to find a way to pull the log data specifically related to one of these events. We are able to use the Log Search tool, of course, but this process is a lot more tedious and manual than we would like. Is this currently possible? If not, could we make this a feature request?

Thank you,

Hi Daniel!

I am actually the product manager focusing on improvements to investigations.
Yes, using Log Search right now to pull the data into an investigation is currently the best route to take. With that said, we are looking to improve this process and make it easier for you to have this contextual log data. Specifically, we are looking to be able to link right to Log Search, where, like you mentioned, this correlation happens, instead of having you find it manually. There are already feature requests open regarding this matter, and I will make sure to add your feedback to them.

Hope this helps!
