Create a ".env" file containing the following attributes:

*Tenant separated by "," if u have more than one on your console

MAIL=
PW=
TENANT=

Set the "fieldname" on "/src/Search.py" to "current.incident.date" if you want to send only incident events to SIEM

Config the IP Destination on "/src/BuildPayload.py"

handler = logging.handlers.SocketHandler('<destination_ip>', 514)

Set your recurrence to run the script in "/src/Search.py"

Create a crontab

Example: runs the script every minute

 * * * * * /bin/python3 /root/axur/app.py

Event Sample

LEEF:2.0|Axur One|Digital Protection|1.0|eventid|key=	customer=	reference=	ticket.last-update.date=	ticket.creation.date=	ticket.tags=	current.status=	current.credential.username=	current.incident.date=	current.close.date=	current.resolution.reason=	current.credential.password.type=	current.type=	current.credential.first-seen=	current.credential.password.value=	current.open.date=	current.resolution=	current.assets=	current.leak.sources=	detection.status=	detection.credential.username=	detection.incident.date=	detection.close.date=	detection.resolution.reason=	detection.credential.password.type=	detection.type=	detection.credential.first-seen=	detection.credential.password.value=	detection.open.date=	detection.resolution=	detection.assets=	detection.leak.sources=