We have 1500+ remote hosts (Mac, Ubuntu, Windows laptops) which are not in our network 24x7. I want to fetch logs from these devices even if they are not connected to our VPN. Is there any way through which we can achieve this integration?
In this scenario, you need to publish your Elastic Security to some cloud platform or use Elastic Cloud. That way, your deployment will be available for any internet connection by your hosts.
Another thing is to have these hosts run the Elastic Agent with the Defender integration for endpoint protection.
Hey @wsouza, thanks for the reply.
Currently I am using an ELK stack running on my EC2 instance, which is behind my VPN. To send logs, the hosts need to connect to the VPN; once they are on the VPN I can see logs from that system. So the problem I am facing is how I can continuously monitor these devices with best security practices. But I can see that hosting it on a public network will create security issues. Is there any way through which I can achieve this?
How are you sending and receiving the logs?
To send the logs when your devices are not on your VPN, they need to be able to send the logs somewhere that doesn't need the VPN, so you would need a public endpoint for it.
You do not need to expose your ELK, but you would need some service to be available for your devices that are not on your VPN, and this same service needs to be able to communicate with your Elasticsearch. You can, for example, use an extra Logstash just for this; this is a pretty common scenario.
Of course, if you expose the service to the public internet you will need to take some precautions, like using some kind of authentication, using SSL, and, if possible, limiting the IP ranges that can talk with this service.
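Below is an added example of the setup described in this answer; it is not configuration from the thread or from Elastic. It shows a dedicated, internet-facing Logstash pipeline that accepts Elastic Agent / Beats traffic over mutually authenticated TLS and forwards it into the private Elasticsearch. Hostnames, ports, certificate paths and environment variable names are assumptions, and the option names assume the Logstash 8.x beats input and elasticsearch output plugins.

```conf
# Added example (not from the thread): public ingest Logstash pipeline.
# Only this host is reachable from the internet; Elasticsearch stays private.

input {
  beats {
    port => 5044
    # TLS on the public listener. The beats input expects the key in PKCS#8.
    ssl_enabled => true
    ssl_certificate => "/etc/logstash/certs/ingest.example.com.crt"
    ssl_key => "/etc/logstash/certs/ingest.example.com.pkcs8.key"
    # Require a client certificate issued by our own agent CA. A roaming
    # laptop has no fixed IP to allow-list, so the certificate is its identity
    # and replaces the IP-range restriction for these hosts.
    ssl_certificate_authorities => ["/etc/logstash/certs/agent-ca.crt"]
    ssl_client_authentication => "required"
  }
}

filter {
  # Tag everything that arrived on the public listener so it can be
  # searched and alerted on separately from VPN-internal sources.
  mutate { add_tag => ["public-ingest"] }
}

output {
  elasticsearch {
    hosts => ["https://es.internal.example.com:9200"]
    ssl_enabled => true
    ssl_certificate_authorities => ["/etc/logstash/certs/internal-ca.crt"]
    # A write-only ingest user; credentials come from the environment or the
    # Logstash keystore, never from the pipeline file.
    user => "${LOGSTASH_WRITER_USER}"
    password => "${LOGSTASH_WRITER_PASSWORD}"
    data_stream => "true"
  }
}
```

On the network side, the security group or host firewall for this instance should expose only port 5044 to the internet, and the Logstash host should be allowed to reach Elasticsearch on 9200 only from its private address. The Elasticsearch user referenced above should hold just the index or data-stream write privileges this pipeline needs, so a compromise of the public host cannot read or alter existing data.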