Add an EDR (Endpoint Detection and Response) log collection module (#176

) Currently only Carbon Black logs are collected.
fox-it · Jul 1, 2024 · 54ecef7 · 54ecef7
1 parent 7b209cb
commit 54ecef7
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/acquire/acquire.py b/acquire/acquire.py
@@ -1064,6 +1064,15 @@ class QuarantinedFiles(Module):
     ]
 
 
+@register_module("--edr")
+class EDR(Module):
+    DESC = "various Endpoint Detection and Response (EDR) logs"
+    SPEC = [
+        # Carbon Black
+        ("dir", "sysvol/ProgramData/CarbonBlack/Logs"),
+    ]
+
+
 @register_module("--history")
 class History(Module):
     DESC = "browser history from IE, Edge, Firefox, and Chrome"