Solved

How to fetch enrichment sources from the collector node itself?

  • 3 May 2021
  • 1 reply
  • 88 views


An MSSP partner is planning to run a lightweight LogPoint collector VM at each of their customers, and to set up the main LogPoint servers, with compute and storage, at their own end. They will have the Open Door tunnel open to the LogPoint Collectors, but won't be able to expose the customer's Domain Controller/LDAP publicly. Therefore, the LogPoint Collector needs to collect the LDAP enrichment data from the local DC instead of the main LogPoint server.

Is there a way of making this happen without engineering changes, such as by redirecting the main server's LDAP query through the tunnel somehow, or by having the collector fetch something into a file and then send it across?


Best answer by Gaurav Khatri 4 May 2021, 05:41


1 reply


Hi Basudev,

As of now, a feature development is in progress which is intended to solve this in future versions, but it might take a while to get this feature into the product itself.

Meanwhile, I have tested a workaround on one system which uses a custom LDAP script to download LDAP data and the private tunnel connection (maintained between a collector and the main LP) to send the LDAP data from the collector to the main LP, and then uses that as a custom CSV enrichment source. To summarize, the workflow is designed as follows:

  1. Run the custom LDAP Python script on the collector, which downloads the LDAP data to the collector.
  2. Use the tunnel connection to transfer the CSV file from the collector to the main LP.
  3. Move the CSV file into the webserver/static folder and use it as a CSV enrichment source that updates regularly.

These three steps can then be automated as cron jobs to run daily.

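The three-step workflow from the answer above, written out as an added example; this is not the original poster's script and not LogPoint code. The script runs on the collector: it dumps user objects from the local DC into a CSV (step 1), copies the file to the main LP over the tunnel (step 2), and leaves it where the CSV enrichment source reads it (step 3). Everything concrete in it is an assumption: the third-party ldap3 package, LDAPS on port 636 with certificate validation, a read-only bind account whose password is kept in a 0600 file, the exported attribute set, the hostnames and DNs, and that SSH/scp to the main LP works through the existing collector tunnel. The answer does not say where the webserver/static folder lives, so the destination path stays a placeholder.

```python
#!/usr/bin/env python3
"""Collector-side LDAP export for a CSV enrichment source (added illustration,
not LogPoint's code). Step 1 pulls users from the customer's DC into a CSV on
the collector, step 2 pushes it to the main LP over the existing tunnel, step 3
happens on the main LP where the enrichment source reads the file. Hosts, DNs,
paths and the attribute set are assumptions."""
import csv
import os
import subprocess
import sys
import tempfile
from typing import Dict, Iterable, List

# Attributes exported to the enrichment table. Assumed set; keep it minimal,
# because the CSV leaves the customer network and lands on the MSSP's server.
ATTRIBUTES = ["sAMAccountName", "displayName", "mail", "department", "memberOf"]


def entries_to_rows(entries: Iterable[Dict]) -> List[Dict[str, str]]:
    """Flatten search results into one CSV row per user. Entries are dicts
    shaped like ldap3's paged_search output ({"type", "dn", "attributes"}).
    Referrals (searchResRef) and objects without sAMAccountName are skipped;
    multi-valued attributes such as memberOf are joined with ';'."""
    rows: List[Dict[str, str]] = []
    for entry in entries:
        if entry.get("type") != "searchResEntry":
            continue
        attrs = entry.get("attributes") or {}
        row = {}
        for name in ATTRIBUTES:
            value = attrs.get(name)
            if value is None:
                row[name] = ""
            elif isinstance(value, (list, tuple)):
                row[name] = ";".join(str(v) for v in value)
            else:
                row[name] = str(value)
        if row["sAMAccountName"]:
            rows.append(row)
    rows.sort(key=lambda r: r["sAMAccountName"].lower())  # stable daily diffs
    return rows


def write_csv_atomically(rows: List[Dict[str, str]], path: str) -> int:
    """Write rows via a temp file plus rename, so the transfer job (and the
    enrichment source on the main LP) never reads a half-written CSV."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(prefix=".ldap_", suffix=".csv", dir=directory)
    try:
        with os.fdopen(fd, "w", newline="", encoding="utf-8") as fh:
            writer = csv.DictWriter(fh, fieldnames=ATTRIBUTES, quoting=csv.QUOTE_ALL)
            writer.writeheader()
            writer.writerows(rows)
        os.chmod(tmp, 0o640)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return len(rows)


def fetch_from_dc(host: str, bind_dn: str, password: str, base_dn: str) -> List[Dict]:
    """Step 1: paged LDAPS search against the local DC with the third-party
    ldap3 package (imported lazily so the CSV code above runs without it).
    Use a read-only bind account and validate the DC's certificate."""
    import ssl
    from ldap3 import ALL, SUBTREE, Connection, Server, Tls

    server = Server(host, port=636, use_ssl=True,
                    tls=Tls(validate=ssl.CERT_REQUIRED), get_info=ALL)
    conn = Connection(server, user=bind_dn, password=password, auto_bind=True)
    entries = conn.extend.standard.paged_search(
        base_dn, "(&(objectCategory=person)(objectClass=user))",
        search_scope=SUBTREE, attributes=ATTRIBUTES, paged_size=500,
        generator=False)
    conn.unbind()
    return entries


def push_over_tunnel(local_path: str, remote: str) -> None:
    """Step 2: copy the CSV to the main LP. Assumes SSH to the main LP is
    reachable through the existing collector tunnel; `remote` is a
    user@host:path placeholder for wherever the enrichment source reads."""
    subprocess.run(["scp", "-q", local_path, remote], check=True)


def main(argv: List[str]) -> int:
    # Daily cron entry on the collector (assumed schedule; the bind password
    # comes from a 0600 file so it stays out of argv and the crontab), e.g.:
    #   0 2 * * * LDAP_PASSWORD_FILE=/etc/ldap_export.pw /opt/ldap_export.py \
    #     dc01.customer.local 'CN=lp-ro,OU=svc,DC=customer,DC=local' \
    #     'DC=customer,DC=local' /var/tmp/ldap_users.csv lp-main:<static-dir>/ldap_users.csv
    host, bind_dn, base_dn, local_csv, remote = argv[1:6]
    with open(os.environ["LDAP_PASSWORD_FILE"], encoding="utf-8") as fh:
        password = fh.read().strip()
    count = write_csv_atomically(
        entries_to_rows(fetch_from_dc(host, bind_dn, password, base_dn)), local_csv)
    push_over_tunnel(local_csv, remote)
    print(f"exported {count} users to {remote}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Two points worth keeping when adapting this: the file is written with a temp-file-and-rename so neither the scp job nor the enrichment source on the main LP can pick up a partially written CSV, and the attribute list is deliberately short, since every column ends up on the MSSP's server rather than the customer's DC. The bind account should be read-only, and the DC certificate must actually be validated or the tunnel protects only half the path.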