
Bindplane inquiry

  • October 27, 2024
  • 6 replies
  • 218 views


Hi Experts,

I understand that Bindplane can be used as a Manager to manage the rest of the collectors via an agent, and at the same time, the Bindplane manager can also be a forwarder itself. Is it possible to incorporate both forwarder and collector into a single application? What are the steps to achieve that?

6 replies

dnehoda
  • Staff
  • October 28, 2024

There’s a couple components in question here (keep in mind this assumes you or your customer have a SecOps license available to use).

Bindplane agent - install on endpoints - send direct to SecOps or to Gateway.
Bindplane Gateway - Aggregation point for agents. Collect data - have gateway send data to SecOps.
Bindplane OP server - host that stores and manages configs, pushes them to endpoints and shows connectivity.

I personally haven’t used the Gateway piece but would see it like a WEF/WE. type setup. Gateway config would need to be set up to send to SecOps via SA json. I’ll set one up and see what I can figure out. Unless anyone else can hop in on that component.

https://cloud.google.com/chronicle/docs/ingestion/use-bindplane-agent

https://observiq.com/docs/advanced-setup/kubernetes-installation/agent/architecture

  • Author
  • Bronze 1
  • November 2, 2024

Hi @dnehoda,

Thank you for your reply and thanks for the link. Personally, I did not use the Gateway you mentioned. I am using the agent to receive the logs and export them to a Google SecOps forwarder. These are the steps I followed:

https://support.netenrich.com/hc/en-us/articles/22173999437341-Windows-Event-Logs-via-Bindplane


dnehoda
  • Staff
  • November 2, 2024

You can do that too - there’s quite a few ways to use BindPlane.

But you can skip the Forwarder and send direct from the Bindplane agents.


hzmndt
  • Staff
  • January 2, 2025

BindPlane OP is the manager and you can get a different license for the purpose
https://observiq.com/solutions

With Google license, you get unlimited agent support.

And yes, you can move from Forwarder to Collector now, so to use only 1 platform with Google SecOps.


  • Staff
  • January 6, 2025

Yes. It is possible (as mentioned above) to create 2 different Configurations. Please note the "Protocol" is different for each:

  1. gRPC for Destination SecOps
  2. https for Destination Forwarder


matthewnichols
  • Community Manager
  • April 4, 2025

Hi @Jay_Tee, we just embedded our Bindplane and Data Pipeline Management webinar. Check it out here. Hopefully it helps with some of your other use cases as you leverage these features.