Abstract
Learn more about adding custom collectors to collect logs from Elasticsearch Filebeat and HTTP.
In addition to logs from supported vendors, you can set up the following custom collectors:
Filebeat collector: To ingest logs about file activity on your endpoints and servers without using the Cortex XDR agent, you can install Elasticsearch Filebeat as a system logger and then forward those logs to Cortex XDR.
HTTP log collector: Receives logs in Raw, JSON, CEF, or LEEF format.