Coro Integration with Graylog

Looking for the compatibility of Coro Software with Graylog. Would like to integrate Coro alerts into Graylog server for efficient and comprehensive monitoring. What is the approach?

Is Coro a SaaS-only service (meaning no on-prem servers/hardware)? Does Coro allow sending alerts to external sources, or can it send webhooks?

Hello,

Yes, Coro is a SaaS-only service and it supports sending alerts to external sources. Coro currently supports the following integrations:

Splunk

Microsoft Sentinel

Fluency

Generic webhook integrations

I have tried to integrate with API credentials (Bearer Token) using the JSON path value from HTTP API input. It is detecting Coro now. However, it fails to fetch all the device data (Windows machines) and its security events.

Kindly suggest the JSON path of the data to extract and whether any other changes need to be made.

Thank you!

The JSON path value from HTTP can be useful in some cases, but it has some limitations. For example, if you specify a JSON path, the returned value is a string, meaning you cannot parse the result as JSON. It also cannot loop or iterate through the results in order to save each JSON entry as its own log message.

My thinking is you could have a script (e.g. Python) run periodically to query the API and retrieve data, and then send that to Graylog.
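A sketch of the per-entry splitting such a script would do, added here as an example and not part of the original thread: it turns one JSON response containing an array of events into one GELF message per entry for a Graylog GELF HTTP input. The sample response, its field names, the `items` key and the `coro-poller` source name are constructed assumptions, not Coro's actual schema; the API query itself is left out because the endpoint is not given in the thread.

```python
import json
import time
import urllib.request

# Constructed sample of an API response body; the field names are
# assumptions for illustration, not Coro's actual schema.
SAMPLE_RESPONSE = json.dumps({
    "items": [
        {"id": "evt-1", "type": "malware", "device": {"hostname": "WIN-01", "os": "windows"}},
        {"id": "evt-2", "type": "policy", "device": {"hostname": "WIN-02", "os": "windows"}},
    ]
})

def flatten(obj, prefix=""):
    """Flatten nested dicts into single-level keys joined by '_'."""
    flat = {}
    for key, value in obj.items():
        name = f"{prefix}{key}"
        if isinstance(value, dict):
            flat.update(flatten(value, f"{name}_"))
        elif isinstance(value, (str, int, float)) and not isinstance(value, bool):
            flat[name] = value
        else:
            flat[name] = json.dumps(value)  # lists, booleans, null -> string
    return flat

def to_gelf(event, source="coro-poller"):
    """Build one GELF 1.1 message from one event dict."""
    msg = {
        "version": "1.1",
        "host": source,
        "short_message": f"{event.get('type', 'event')} {event.get('id', '')}".strip(),
        "timestamp": time.time(),
    }
    for key, value in flatten(event).items():
        # GELF additional fields need a leading underscore; "_id" is not allowed.
        msg["_event_id" if key == "id" else f"_{key}"] = value
    return msg

def response_to_gelf(body, list_key="items"):
    """Split the response array so each entry becomes its own message."""
    return [to_gelf(e) for e in json.loads(body).get(list_key, [])]

def send_gelf(url, msg):
    """POST one message to a GELF HTTP input, e.g. http://graylog:12201/gelf."""
    req = urllib.request.Request(url, data=json.dumps(msg).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status
```

Run it from cron or a systemd timer, and keep the bearer token in an environment variable or secrets store rather than in the script.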