File Upload API Transport Method Overview

Summary

Some applications and computer systems use batch logging: they accumulate log entries and write them to a filesystem in groups, which improves efficiency and reduces the overhead of continuous data streaming. Although batching adds some inherent latency to log delivery, it minimizes system interruptions and can improve performance and simplify management of log data.

File Upload API is an XDR REST API that can accept uploaded files for processing, enabling a direct integration with systems that are logging to files.

By integrating with file-based logs, XDR broadens its data ingest scope to a more diverse array of data sources, providing a pathway for applications that are designed to write to a filesystem or cannot produce streaming logs. Even applications with traditional or non-streaming log output can then contribute to the platform's data analytics and monitoring capabilities.

Reference Architecture

File Upload API Reference Architecture

Example Scenario

A device deployed on a customer's premises writes security-relevant telemetry to a local filesystem. The IT team has set up a series of cron jobs that push these files to a centralized location. The IT team can run a similar script on the centralized log repository that pushes the data to XDR through the File Upload API.
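
The scenario above as a cron-driven script on the central log repository; this is an added example, not code from the XDR documentation. The endpoint URL, the header-file authentication, the multipart field name and the directory layout are all assumptions, so take the real request format from the setup documentation.

```shell
#!/bin/sh
# Added example: cron-driven pusher for the central log repository.
# Assumed, not from the XDR docs: the endpoint URL, the header-file auth,
# the multipart field name "file", and the spool/sent directory layout.
SPOOL_DIR="${SPOOL_DIR:-/srv/logs/spool}"
SENT_DIR="${SENT_DIR:-/srv/logs/sent}"
MIN_AGE_MIN="${MIN_AGE_MIN:-5}"   # files touched more recently may still be mid-write
XDR_UPLOAD_URL="${XDR_UPLOAD_URL:-https://xdr.example.invalid/file-upload}"  # placeholder
XDR_HEADER_FILE="${XDR_HEADER_FILE:-/etc/xdr-push/auth.header}"  # mode 0600, auth header

# Upload one file. The credential is read from a file so it never shows up
# in the process list; --fail turns HTTP errors into a non-zero exit.
upload_file() {
    curl --silent --show-error --fail --max-time 120 \
        -H "@$XDR_HEADER_FILE" -F "file=@$1" "$XDR_UPLOAD_URL" >/dev/null
}

# True when the file has not been modified for MIN_AGE_MIN minutes.
is_settled() {
    [ -n "$(find "$1" -type f -mmin "+$MIN_AGE_MIN")" ]
}

# Push every settled file; sets SENT and FAILED, returns 1 if any upload failed.
push_batch() {
    SENT=0 FAILED=0
    mkdir -p "$SENT_DIR"
    for f in "$SPOOL_DIR"/*; do
        [ -L "$f" ] && continue          # never follow links planted in the spool
        [ -f "$f" ] || continue
        is_settled "$f" || continue
        if upload_file "$f" && mv -- "$f" "$SENT_DIR/"; then
            SENT=$((SENT + 1))
        else
            FAILED=$((FAILED + 1))       # file stays in the spool; next run retries
        fi
    done
    [ "$FAILED" -eq 0 ]
}

# crontab (assumed): */10 * * * * /usr/local/bin/xdr-push.sh run
case "${1:-}" in
    run) push_batch; rc=$?; echo "sent=$SENT failed=$FAILED"; exit "$rc" ;;
esac
```

A file is moved out of the spool only after its upload succeeds, so a failed or interrupted run loses no telemetry and the next cron run retries it.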

Setup

File Upload API can be configured by following the setup documentation.