How can I ingest FleetDM logs into Panther?
Last updated: September 3, 2024
QUESTION
How can I ingest FleetDM logs into Panther?
ANSWER
You can use an Osquery log source (see here for more information), because FleetDM uses the same log output as regular osquery. FleetDM also produces some audit logs of its own, which would require a custom schema. This page has info on what logs you can export and how.
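
As an added illustration (not taken from Panther's or FleetDM's own material), a custom schema for the FleetDM audit logs mentioned above could start from a sketch like the one below. The field names are assumptions about the shape of a FleetDM audit event; confirm them against an event you have actually exported before saving the schema.

```yaml
# Added example: Panther custom schema sketch for FleetDM audit logs.
# All field names below are assumptions; verify them against a real exported event.
version: 0
fields:
  - name: created_at
    description: Time the audited action was recorded (used as the event time)
    type: timestamp
    timeFormats:
      - rfc3339
    isEventTime: true
    required: true
  - name: id
    description: Numeric identifier of the audit entry
    type: bigint
  - name: actor_id
    description: Numeric identifier of the user who performed the action
    type: bigint
  - name: actor_full_name
    description: Display name of the user who performed the action
    type: string
  - name: actor_email
    description: Email of the acting user, tagged as an indicator so it is searchable across log types
    type: string
    indicators:
      - email
  - name: type
    description: Kind of administrative action that was audited
    type: string
    required: true
  - name: details
    description: Action-specific payload, kept as raw JSON because its shape varies by action type
    type: json
```

Keeping the osquery result and status logs on the Osquery log source and routing only the audit events to this schema avoids classification failures from mixing the two formats in one source.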