Elastic Logs

Overview

Evidence: Elastic Logs
Description: Collect Elastic Logs
Category: Applications
Platform: windows
Short Name: lstcl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

Elastic Endpoint Security (formerly Endgame) is an EDR solution that logs endpoint activities, threat detections, and security events. It maintains state logs for monitoring system security posture.

Data Collected

This collector gathers the Elastic Endpoint log files themselves, which hold structured records of endpoint activity; the files are collected as-is and are not parsed by the collector.

Collection Method

This collector gathers Elastic Endpoint log files from the Program Files installation directory, including state logs that track endpoint security status and events.
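The following PowerShell script is an added example of this kind of collection, not the collector's own code: it copies every .log file under the Elastic Endpoint installation directory, records size, original last-write time and SHA-256 for each file in a manifest so the copies can be verified later, and warns about files the running service keeps locked. The install path under Program Files is an assumption; adjust it for the host being examined.

```powershell
# Added example (not the collector's own code): collect Elastic Endpoint log files
# and write a manifest (path, size, original timestamp, SHA-256) next to the copies.
# Assumption: the product is installed under "$env:ProgramFiles\Elastic\Endpoint".
param(
    [string]$SourceRoot  = (Join-Path $env:ProgramFiles 'Elastic\Endpoint'),
    [string]$Destination = (Join-Path $env:TEMP ('ElasticLogs_' + (Get-Date -Format 'yyyyMMdd_HHmmss')))
)

if (-not (Test-Path -LiteralPath $SourceRoot)) {
    throw "Elastic Endpoint directory not found: $SourceRoot"
}

New-Item -ItemType Directory -Path $Destination -Force | Out-Null
$manifest = New-Object System.Collections.Generic.List[object]

# Walk the install tree for *.log files; the state logs sit in a subdirectory of it.
Get-ChildItem -LiteralPath $SourceRoot -Recurse -File -Filter '*.log' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $relative = $_.FullName.Substring($SourceRoot.Length).TrimStart('\')
        $target   = Join-Path $Destination $relative
        New-Item -ItemType Directory -Path (Split-Path -Parent $target) -Force | Out-Null
        try {
            # Hash the source before copying so the manifest reflects what was on disk.
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            Copy-Item -LiteralPath $_.FullName -Destination $target -Force -ErrorAction Stop
            $manifest.Add([pscustomobject]@{
                Path         = $relative
                SizeBytes    = $_.Length
                LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
                Sha256       = $hash
            })
        } catch {
            # Files held open by the endpoint service may not be readable; record, do not abort.
            Write-Warning "Skipped $($_.TargetObject): $($_.Exception.Message)"
        }
    }

$manifest | Export-Csv -LiteralPath (Join-Path $Destination 'manifest.csv') -NoTypeInformation
Write-Host "Collected $($manifest.Count) file(s) into $Destination"
```

Run it from an elevated session, since the Program Files tree is normally read-protected for standard users; the manifest's timestamps come from the source files, not from the copies.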

Forensic Value

Elastic Endpoint logs provide EDR visibility into process execution, network activity, file modifications, and threat detections. They are essential for investigating security incidents and understanding how an endpoint was compromised.
