Setup Guide

XDR Targets Configuration

This guide introduces the concept of target environments within the XDR CLI build system, elaborates on the configuration mechanism, and explains how to use and extend target profiles. The system enhances automation by facilitating the creation of ingestion pipelines and schemas vital for real-time data processing, storage, and analysis.

There are three ways to set the core target environment variables with the XDR CLI. They are layered in a hierarchy, and some variables cannot be set at every layer because of the nature of the parameters. The layers are applied in the following order of precedence:

  1. Environment variables override all other settings.

  2. CLI parameters take precedence over the xdr_package and xdr_targets yaml files. These are described in each CLI command below.

  3. xdr_package.yaml settings, when they exist, override the targets variables. The xdr_package.yaml files are used for local and build-specific configuration; they rarely overlap with the xdr_targets.yaml files.

  4. xdr_targets.yaml settings, when they exist, are the last place variables are pulled from. These settings are specific to interacting with target environments, us

xdr_targets.yaml

| XDR Parameter | Description | env_variable_name | xdr_target_variable_name | override | Example Variable |
|---|---|---|---|---|---|
| ch_host | The endpoint for the Clickhouse target | XDR_CH_HOST | ch_host | N/A | 'localhost', 'sdfe234df.ap-southeast-2.aws.clickhouse.cloud' |
| ch_port | The port to connect to on the target Clickhouse server | XDR_CH_PORT | ch_port | N/A | 8123, 8443 |
| ch_username | The username for authentication to Clickhouse | XDR_CH_USERNAME | ch_username | N/A | 'user1' |
| ch_password | The password for authentication to Clickhouse | XDR_CH_PASSWORD | ch_password | N/A | 'password1' |
| ip_config_bucket_name | The S3 bucket name for configuration | XDR_IP_CONFIG_BUCKET_NAME | ip_config_bucket_name | N/A | 'dev_config_bucket_afterburner' |
| ip_config_bucket_region | The AWS region for the S3 bucket | XDR_IP_CONFIG_BUCKET_REGION | ip_config_bucket_region | N/A | 'ap-southeast-2' |
| ip_config_standard_enrichment_path | Path for standard enrichment files for the ingestion pipelines | XDR_IP_CSV_PATH | ip_csv_path | N/A | 'vector_templates/standard_enrichment_files' |
| ip_config_receiver_path | Path for vector receiver files | XDR_IP_RECEIVER_PATH | ip_receiver_path | N/A | 'vector_templates/vector_receiver' |
| ip_templates_path | Path for vector templates | XDR_IP_TEMPLATES_PATH | ip_templates_path | N/A | 'vector_templates' |
| ip_config_geo_ip_path | Path for geo IP files | XDR_IP_GEO_IP_PATH | ip_geo_ip_path | N/A | 'vector_templates/geoip' |
| hunt_config_path | Path for XDR hunt configuration files | XDR_HUNT_CONFIG_PATH | hunt_config_path | xdr_package, cli | 'xdrcli/stable/hunts' |
| hunt_rules_path | Path for XDR hunt rules | XDR_HUNT_RULES_PATH | hunt_rules_path | xdr_package, cli | 'xdrcli/stable/rules' |
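
The precedence described above, as an added example (not the XDR CLI's own code): it resolves each key through the four layers, reports which layer supplied the value, and flags ch_password when it is read from a yaml file instead of XDR_CH_PASSWORD. It assumes that only keys whose override column reads "xdr_package, cli" accept values from those two layers; the function names and sample values are constructed.

```python
import os

# Environment variable for each xdr_targets.yaml key (subset of the table above).
ENV_NAMES = {
    "ch_host": "XDR_CH_HOST",
    "ch_port": "XDR_CH_PORT",
    "ch_username": "XDR_CH_USERNAME",
    "ch_password": "XDR_CH_PASSWORD",
    "hunt_config_path": "XDR_HUNT_CONFIG_PATH",
    "hunt_rules_path": "XDR_HUNT_RULES_PATH",
}
# Assumption: only keys whose "override" column reads "xdr_package, cli"
# accept values from those two layers; "N/A" keys skip them.
OVERRIDABLE = {"hunt_config_path", "hunt_rules_path"}
SECRETS = {"ch_password"}

def resolve(key, env, cli, package, targets):
    """Return (value, source) for one key using the documented precedence."""
    layers = [("env:" + ENV_NAMES[key], env.get(ENV_NAMES[key]))]
    if key in OVERRIDABLE:
        layers += [("cli", cli.get(key)), ("xdr_package.yaml", package.get(key))]
    layers.append(("xdr_targets.yaml", targets.get(key)))
    for source, value in layers:
        if value not in (None, ""):
            return value, source
    return None, "unset"

def audit(env, cli, package, targets):
    """Map each key to its source; mask secrets and flag ones read from a file."""
    report, warnings = {}, []
    for key in ENV_NAMES:
        value, source = resolve(key, env, cli, package, targets)
        shown = "***" if key in SECRETS and value is not None else value
        report[key] = (shown, source)
        if key in SECRETS and source.endswith(".yaml"):
            warnings.append(f"{key} is stored in {source}; prefer {ENV_NAMES[key]}")
    return report, warnings

if __name__ == "__main__":
    # Constructed sample layers; a real run would parse the yaml files.
    targets = {"ch_host": "localhost", "ch_port": 8123, "ch_username": "user1",
               "ch_password": "password1", "hunt_rules_path": "xdrcli/stable/rules"}
    report, warnings = audit(dict(os.environ), {"hunt_rules_path": "local/rules"}, {}, targets)
    for key, (shown, source) in report.items():
        print(f"{key:18} {shown!s:24} <- {source}")
    print(*warnings, sep="\n")
```
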

1. Init Target

Initialize or update a configuration target.

Command:

xdrcli init-target --target production --target_file_path /pathto/.xdr/xdr_targets.yaml

Description:

This command initializes or updates the configuration for a specified target environment.

Options/Parameters:

  • --target: The target name for the specific environment to configure. Example: --target production

  • --target_file_path: The path to the targets configuration file. Example: --target_file_path /path/to/targets.yaml

2. List Targets

List all profiles in the configuration.

Command:

xdrcli list-targets --xdr_root_log_path /path/to/logs --target_file_path /pathto/.xdr/xdr_targets.yaml

Description:

This command lists all configuration profiles available in the targets configuration file.

Options/Parameters:

  • --xdr_root_log_path: Path to the common log directory. Example: --xdr_root_log_path /path/to/logs

  • --target_file_path: The path to the targets configuration file. Example: --target_file_path /pathto/.xdr/xdr_targets.yaml

3. Print Default Target

Print the default target profile in the configuration.

Command:

xdrcli print-default-target --xdr_root_log_path /path/to/logs --target_file_path /pathto/.xdr/xdr_targets.yaml

Description:

This command prints the default target profile from the targets configuration file.

Options/Parameters:

  • --xdr_root_log_path: Path to the common log directory. Example: --xdr_root_log_path /path/to/logs

  • --target_file_path: The path to the targets configuration file. Example: --target_file_path /pathto/.xdr/xdr_targets.yaml
