Quick Start Guide

Introduction

The XDR Data Engine is a comprehensive data processing and analysis platform for HyperSec XDR. This guide will help you get started with the core components.

System Requirements

1. Python 3.11 or higher

2. Poetry for dependency management

3. Access to required services:

   • ClickHouse database

   • OpenSearch (optional)

   • AWS S3 (optional)

Installation

1. Clone the repository:

   Copy

   git clone https://github.com/your-org/xdr-data-engine.git
   cd xdr-data-engine

2. Install dependencies:

   Copy

   poetry install

3. Set up environment:

   Copy

   cp .env.example .env
   # Edit .env with your configuration

Core Components

The XDR Data Engine consists of several key components:

1. Schema Management

   • Define and manage database schemas

   • Handle schema updates and migrations

   • See Schema Quick Start for details

2. Ingestion Pipelines

   • Process incoming data streams

   • Transform and enrich data

   • Load data into databases

3. Hunt Framework

   • Define and execute data queries

   • Analyze security events

   • Generate alerts and reports

Basic Configuration

1. Create configuration directory:

2. Set up targets:

3. Configure packages:

First Steps

1. Verify installation:

2. Check configuration:

3. Initialize environment:

Common Workflows

Data Ingestion

1. Set up receivers:

2. Start ingestion:

Data Analysis

1. Run a hunt:

2. View results:

Next Steps

• Read Schema Management for database setup

• Check Ingestion Pipeline for data processing

• See Hunt Framework for data analysis

• Review CLI Reference for all available commands

Troubleshooting

1. Check logs:

2. Verify services:

3. Common issues:

   • Database connection errors: Check credentials and network

   • Permission issues: Verify file permissions

   • Configuration errors: Validate YAML syntax

Getting Help

• Documentation: See XDR Documentation

• Issues: Submit through the issue tracker

• Support: Contact HyperSec support team