We are an MSSP for many organisations and would like to produce Elastic Defend coverage figures. Currently, we need to collect through various cumbersome ways the AD or inventory data from Windows, Mac and Linux clients to show if they have an Elastic Defend integration installed.
What if there were an integration where we could pick up that information from an AD system or another directory system and consume that data into the entity store or into an index?
There is an integration to collect data from Entra ID, and something similar for on-prem use would be great, especially where one has to collect data from various environments.
We have thought of a local dump from a directory (into a CSV) and collect the data, and write a CMDB-like index, but maybe there is enough interest to create an integration to help show off on how well and effectively the Elastic Defend integration is populated throughout organisations.