Elastic Logs
Overview
Evidence: Elastic Logs
Description: Collect Elastic Logs
Category: Applications
Platform: windows
Short Name: lstcl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
Elastic Endpoint Security (formerly Endgame) is an EDR solution that logs endpoint activities, threat detections, and security events. It maintains state logs for monitoring system security posture.
Data Collected
This collector gathers the Elastic Endpoint log files themselves. The files are collected as-is and are not parsed by this collector.
Collection Method
This collector gathers Elastic Endpoint log files from the Program Files installation directory, including state logs that track endpoint security status and events.
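An added PowerShell example of the collection step described above (not the collector's own code): it copies every log file under the Elastic Endpoint install directory into an evidence folder, reads files with shared access so logs held open by the running service are still captured, preserves the original timestamps, and writes a SHA-256 manifest for later verification. The install path under Program Files and the `.log` extension are assumptions; adjust them to the deployment being examined.

```powershell
param(
    # Assumed install location under Program Files; change if installed elsewhere.
    [string]$SourceRoot  = (Join-Path $env:ProgramFiles 'Elastic\Endpoint'),
    [string]$Destination = (Join-Path $env:TEMP ('lstcl_' + (Get-Date -Format 'yyyyMMdd_HHmmss')))
)

if (-not (Test-Path -LiteralPath $SourceRoot)) {
    Write-Warning "Elastic Endpoint directory not found: $SourceRoot"
    return
}
New-Item -ItemType Directory -Path $Destination -Force | Out-Null

# Every *.log under the install root, which includes the state logs (extension is an assumption).
$files = Get-ChildItem -LiteralPath $SourceRoot -Recurse -File -Filter '*.log' -ErrorAction SilentlyContinue

$manifest = foreach ($f in $files) {
    # Keep the relative layout so state logs stay distinguishable from other logs.
    $relative = $f.FullName.Substring($SourceRoot.Length).TrimStart('\')
    $target   = Join-Path $Destination $relative
    New-Item -ItemType Directory -Path (Split-Path $target) -Force | Out-Null
    $in = $null; $out = $null
    try {
        # The service may hold a log open for writing; open with FileShare.ReadWrite
        # so an in-use file is copied instead of aborting the collection.
        $in  = [System.IO.File]::Open($f.FullName, 'Open', 'Read', 'ReadWrite')
        $out = [System.IO.File]::Create($target)
        $in.CopyTo($out)
        $out.Dispose(); $out = $null
        # Carry the original modification time onto the copy for timeline work.
        (Get-Item -LiteralPath $target).LastWriteTimeUtc = $f.LastWriteTimeUtc
        [pscustomobject]@{
            Path      = $relative
            SizeBytes = $f.Length
            Modified  = $f.LastWriteTimeUtc.ToString('o')
            SHA256    = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        }
    } catch {
        Write-Warning "Could not collect $($f.FullName): $($_.Exception.Message)"
    } finally {
        if ($in)  { $in.Dispose() }
        if ($out) { $out.Dispose() }
    }
}

if ($manifest) {
    $manifest | Export-Csv -LiteralPath (Join-Path $Destination 'manifest.csv') -NoTypeInformation
}
"Collected $(@($manifest).Count) log file(s) into $Destination"
```

Run it from an elevated prompt, since the Program Files tree is normally not readable by standard users; the manifest hashes are what an analyst later compares against the working copies.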
Forensic Value
Elastic Endpoint logs provide EDR visibility into process execution, network activity, file modifications, and threat detections. They’re essential for investigating security incidents and understanding endpoint compromise.