From 54ecef78980513b7a1c2599514db159a84400346 Mon Sep 17 00:00:00 2001
From: pyrco <105293448+pyrco@users.noreply.github.com>
Date: Mon, 1 Jul 2024 09:02:04 +0200
Subject: [PATCH] Add an EDR (Endpoint Detection and Response) log collection module (#176)

Currently only Carbon Black logs are collected.

---
 acquire/acquire.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/acquire/acquire.py b/acquire/acquire.py
index 5d172abd..ee7ee8bc 100644
--- a/acquire/acquire.py
+++ b/acquire/acquire.py
@@ -1064,6 +1064,15 @@ class QuarantinedFiles(Module):
     ]
 
 
+@register_module("--edr")
+class EDR(Module):
+    DESC = "various Endpoint Detection and Response (EDR) logs"
+    SPEC = [
+        # Carbon Black
+        ("dir", "sysvol/ProgramData/CarbonBlack/Logs"),
+    ]
+
+
 @register_module("--history")
 class History(Module):
     DESC = "browser history from IE, Edge, Firefox, and Chrome"
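Review bot: `DESC = "various Endpoint Detection and Response (EDR) logs"` overstates what the new `EDR` class collects — `SPEC` holds a single Carbon Black directory, and the only statement of that limitation is the commit message, which an operator picking `--edr` never sees. I would record it in the class so it survives the commit: `# Only Carbon Black (sysvol/ProgramData/CarbonBlack/Logs) is collected so far; add other EDR vendors' log directories here.` and narrow the description to `DESC = "Endpoint Detection and Response (EDR) logs (currently Carbon Black only)"`. Carbon Black has shipped several sensor products whose log locations I cannot confirm from this hunk, so the comment should also say which product line this path is meant to cover. The `sysvol/` prefix makes the entry Windows-only; presumably the `Module` machinery tolerates absent paths on other platforms, but that code is outside the hunk.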