Artifact Collection
Note that instead of using the artifact_get command directly, it is recommended to use Artifacts available through the web UI and REST interface.
artifact_get
Retrieve an artifact from a sensor.
Platforms:
Response Event:
N/A
Usage:
    usage: artifact_get [-h] [--file FILE] [--source SOURCE] [--type TYPE]
                        [--payload-id PAYLOADID] [--days-retention RETENTION]
                        [--is-ignore-cert]

    optional arguments:
      --file FILE           file path to get
      --source SOURCE       optional os specific artifact source (not currently supported)
      --type TYPE           optional artifact type
      --payload-id PAYLOADID
                            optional specifies an idempotent payload ID to use
      --days-retention RETENTION
                            number of days the data should be retained, default 30
      --is-ignore-cert      if specified, the sensor will ignore SSL cert mismatch
                            while upload the artifact
Note on usage scenarios for the --is-ignore-cert flag: If the sensor is deployed on a host where built-in root CAs are not up to date or present at all, it may be necessary to use the --is-ignore-cert flag to allow the logs to be pushed to the cloud.
Unlike the main sensor transport (which uses a pinned certificate), the Artifact Collection feature uses Google infrastructure and their public SSL certificates.
This may sometimes come up in unexpected ways. For example, fresh Windows Server installations do not have the root CAs for google.com enabled by default.
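Before falling back to --is-ignore-cert, it is worth confirming that the host really cannot validate Google's certificate chain. The following PowerShell check is an added example, not part of the product or its documentation; it needs outbound access to port 443, and it assumes that google.com (the host named above) stands in for the upload endpoint and that the sensor validates against the operating system trust store. The function name Test-TlsTrust is hypothetical.

```powershell
# Added example: report whether this host's trust store validates the
# certificate chain presented by a Google-hosted endpoint.
# Assumption: google.com stands in for the artifact upload endpoint.
function Test-TlsTrust {
    param(
        [string]$HostName = 'google.com',
        [int]$Port = 443
    )
    $result = @{ Host = $HostName; PolicyErrors = $null; ChainStatus = @(); Issuer = $null }

    # Record the validation outcome, then accept the certificate so the
    # handshake completes and the details can be read. No application data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($senderObj, $certificate, $chain, $sslPolicyErrors)
        $result.PolicyErrors = $sslPolicyErrors
        $result.Issuer = $certificate.Issuer
        $result.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        return $true
    }

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            # Pin TLS 1.2 so older .NET defaults do not cause an unrelated handshake failure.
            $ssl.AuthenticateAsClient($HostName, $null,
                [System.Security.Authentication.SslProtocols]::Tls12, $false)
        } finally { $ssl.Dispose() }
    }
    finally {
        $client.Close()
    }

    $result.Trusted = ($result.PolicyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
    [pscustomobject]$result
}

$check = Test-TlsTrust
if ($check.Trusted) {
    "Chain for $($check.Host) validates; --is-ignore-cert should not be needed."
} else {
    "Validation failed ($($check.PolicyErrors)): $($check.ChainStatus -join ', ')"
    "Issuer presented: $($check.Issuer)"
}
```

A chain status such as UntrustedRoot or PartialChain points at the missing root CA situation described above, which is better fixed by updating the host's root certificates than by disabling validation on every upload.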