...

CTCI curates the CEWL (CVE Early Warning List), a list of CVEs that threat actors are currently using or are about to use.

Devo collector features

| Feature | Details |
| --- | --- |
| Allow parallel downloading (multipod) | allowed |
| Running environments | collector server, on-premise |
| Populated Devo events | lookups |
| Flattening preprocessing | no |
| Allowed source events obfuscation | yes |

Data sources

| Data source | Description | API endpoint | Collector service name | Devo table | Data source |
| --- | --- | --- | --- | --- | --- |
| 1 | CEWL | Audit log entries | /api/v1/cewl | - | v0.0 |

For more information on how the events are parsed, visit our page.

...

Info: This minimum configuration refers exclusively to the parameters specific to this integration. There are more required parameters related to the generic behavior of the collector; check the settings sections for details.

| Setting | Details |
| --- | --- |
| api_token | Required |

Info: See the Accepted authentication methods section to verify which settings are required for the desired authentication method.

Accepted authentication methods

| Setting | Details |
| --- | --- |
| api_token | The CTCI API token copied from the admin portal. |

Run the collector

Once the data source is configured, you can either send us the required information so that we host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).

...

Check memory usage

To check the memory usage of this collector, look for the following log records, which the collector writes every 5 minutes by default, always right after running the memory-freeing process.

  • Used memory is reported per running process (InputProcess and OutputProcess); the sum of the two RSS values gives the total memory used by the collector.

  • The overall pressure on available memory is reported in the global value.

  • All metrics (global, RSS, VMS) show the value before and after freeing memory, written as before -> after.

    INFO InputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(34.50MiB -> 34.08MiB), VMS(410.52MiB -> 410.02MiB)
    INFO OutputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)
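The following is an added example (not part of the Devo or CTCI documentation) that turns the two bullet points above into a check: it parses the [GC] records in the format shown, sums the post-GC RSS of both processes to get the collector's total used memory, and reports how much a process's post-GC RSS has grown between the first and last sample. The regular expression assumes exactly the log layout shown on this page; the later two sample lines are constructed values so that growth between samples can be demonstrated.

```python
import re
from dataclasses import dataclass

# Constructed sample: the two records shown on this page followed by a later
# pair with invented values, so that growth across GC cycles can be measured.
SAMPLE_LOG = """\
INFO InputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(34.50MiB -> 34.08MiB), VMS(410.52MiB -> 410.02MiB)
INFO OutputProcess::MainThread -> [GC] global: 20.4% -> 20.4%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)
INFO InputProcess::MainThread -> [GC] global: 21.0% -> 20.9%, process: RSS(36.10MiB -> 35.90MiB), VMS(412.00MiB -> 411.80MiB)
INFO OutputProcess::MainThread -> [GC] global: 21.0% -> 20.9%, process: RSS(28.41MiB -> 28.41MiB), VMS(705.28MiB -> 705.28MiB)
"""

# Matches one [GC] record; every figure is "before -> after" as the page describes.
GC_RE = re.compile(
    r"(?P<process>\w+)::\w+ -> \[GC\] global: (?P<g_before>[\d.]+)% -> (?P<g_after>[\d.]+)%, "
    r"process: RSS\((?P<rss_before>[\d.]+)MiB -> (?P<rss_after>[\d.]+)MiB\), "
    r"VMS\((?P<vms_before>[\d.]+)MiB -> (?P<vms_after>[\d.]+)MiB\)"
)


@dataclass
class GcRecord:
    process: str
    global_before: float  # % of available memory under pressure, before freeing
    global_after: float
    rss_before: float     # MiB
    rss_after: float
    vms_before: float
    vms_after: float


def parse_gc_records(text):
    """Extract every [GC] record from a chunk of collector log text; other lines are ignored."""
    records = []
    for line in text.splitlines():
        m = GC_RE.search(line)
        if not m:
            continue
        records.append(GcRecord(
            m["process"],
            float(m["g_before"]), float(m["g_after"]),
            float(m["rss_before"]), float(m["rss_after"]),
            float(m["vms_before"]), float(m["vms_after"]),
        ))
    return records


def group_by_cycle(records):
    """Group records into GC cycles (one record per process per cycle).

    A new cycle starts when a process name repeats, which is how the
    5-minute samples of the two processes are told apart in a stream of lines.
    """
    cycles, current = [], {}
    for r in records:
        if r.process in current:
            cycles.append(current)
            current = {}
        current[r.process] = r
    if current:
        cycles.append(current)
    return cycles


def total_rss_after(cycle):
    """Total memory used by the collector after freeing: the sum of both processes' RSS."""
    return round(sum(r.rss_after for r in cycle.values()), 2)


def rss_growth(cycles, process):
    """Change (MiB) in a process's post-GC RSS between the first and last cycle.

    Post-GC RSS that keeps rising from cycle to cycle is what a leak looks like
    in these records, so this is the figure worth alerting on.
    """
    first = cycles[0][process].rss_after
    last = cycles[-1][process].rss_after
    return round(last - first, 2)


if __name__ == "__main__":
    cycles = group_by_cycle(parse_gc_records(SAMPLE_LOG))
    for i, cycle in enumerate(cycles):
        print(f"cycle {i}: total RSS after GC = {total_rss_after(cycle)} MiB")
    for proc in ("InputProcess", "OutputProcess"):
        print(f"{proc}: post-GC RSS growth = {rss_growth(cycles, proc)} MiB")
```

Feed it the collector's log output (for example, the Docker container logs of an on-premise deployment) and alert when rss_growth stays positive over many cycles; a single sample only tells you the current footprint.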

Change log for v1.x.x

| Release | Released on | Release type | Details | Recommendations |
| --- | --- | --- | --- | --- |
| v1.0.0 | | NEW COLLECTOR | New collector | - |