Evidence: Elastic Logs
Description: Collect Elastic Logs
Category: Applications
Platform: windows
Short Name: lstcl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Elastic Endpoint Security (formerly Endgame) is an EDR solution that logs endpoint activities, threat detections, and security events. It maintains state logs for monitoring system security posture.
Data Collected
This collector gathers structured data about Elastic logs.
Collection Method
This collector gathers Elastic Endpoint log files from the Program Files installation directory, including state logs that track endpoint security status and events.
Forensic Value
Elastic Endpoint logs provide EDR visibility into process execution, network activity, file modifications, and threat detections. They are essential for investigating security incidents and understanding endpoint compromise.