Can I modify either Winlogbeat or Filebeat to collect and send Alert and Audit data from McAfee ePO?

I am looking for an efficient way to have my ELK stack SIEM pull Alert and Audit logs from my three ePO servers. Each ePO server will only be able to use UDP, as the rest of the environment is locked down and they are in different parts of the overall environment, with two ePO servers in different zones connected via routers.

Is this something that has been done, or can it be done? Any and all thoughts and assistance are appreciated.
