Chronicle supports ingesting Perch Security telemetry logs, which makes it possible to visualize the network traffic that triggered an alert and the traffic surrounding it.

Chronicle Data Types

  • Alert


  1. SSH to the Perch appliance using the username and password from the Perch documentation.
  2. Create the file /etc/logstash/conf.d/50-output.conf with the contents of the CONF block below, replacing the <CYCLOPS IP> and <CYDERES PROVIDED PORT> placeholders with the values issued for your deployment.
  3. Run systemctl restart logstash.
  4. Run systemctl status logstash to verify the service has restarted successfully.
# Forward only the sensor-to-cloud event stream from the Perch appliance to the
# Cyclops collector over TCP. Both placeholders below must be replaced before
# restarting Logstash.
output {
    if [type] == "sensortocloud" {
        tcp {
            host => "<CYCLOPS IP>"
            port => <CYDERES PROVIDED PORT>
        }
    }
}