Comments (4)
My preference would be to - just as with other C2s that RedELK supports - keep the way of logging part of the codebase of the actual C2 itself and not part of RedELK. That would mean your option 1. All the other steps from my initial post are then still left on the RedELK side.
It would make sense to make an issue at the Covenant side, so I did: cobbr/Covenant#221
I did some checks and it looks like Covenant doesn't have text log files; everything is stored in a sqlite file. I also have 0 experience with Covenant except the new install I just performed.
We could have 2 options there:
- Add support for text logs to Covenant
- Make a script that will periodically query the sqlite database and append the changes in a structured manner to a text log file
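Option 2 above, sketched as an added example that is not part of the original comment and is not RedELK or Covenant code: an incremental exporter that appends rows newer than a stored checkpoint to a JSON-lines log. The table name `Events` and its columns are assumptions for illustration, not Covenant's actual schema.

```python
import json
import os
import sqlite3

# Assumed schema (not taken from Covenant): a table with a monotonically
# increasing integer primary key, so "new rows" means "Id > last exported Id".
TABLE = "Events"
COLUMNS = ("Id", "Time", "Level", "MessageHeader", "MessageBody")


def read_checkpoint(state_path):
    """Return the last exported Id, or 0 when no checkpoint exists yet."""
    try:
        with open(state_path) as fh:
            return int(fh.read().strip() or 0)
    except FileNotFoundError:
        return 0


def export_new_rows(db_path, log_path, state_path):
    """Append rows newer than the checkpoint to log_path as JSON lines."""
    last_id = read_checkpoint(state_path)
    # Open read-only so the exporter can never modify the C2's database.
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True, timeout=5)
    try:
        rows = conn.execute(
            f"SELECT {', '.join(COLUMNS)} FROM {TABLE} WHERE Id > ? ORDER BY Id",
            (last_id,),
        ).fetchall()
    finally:
        conn.close()
    if not rows:
        return 0
    with open(log_path, "a", encoding="utf-8") as log:
        for row in rows:
            # json.dumps escapes newlines, so each event stays on one line.
            log.write(json.dumps(dict(zip(COLUMNS, row))) + "\n")
        log.flush()
        os.fsync(log.fileno())
    # Write the checkpoint only after the log is on disk, via atomic rename;
    # a crash in between re-exports rows rather than dropping them.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(str(rows[-1][0]))
    os.replace(tmp, state_path)
    return len(rows)
```

Called from cron or a systemd timer, each run appends only the rows added since the previous run, and the resulting file can be shipped like any other text log.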
Update: the roadmap for the 0.7 release of Covenant now includes extra logging. When that is out, we can start working on the RedELK side.
Awesome, that'd be great to have it in. I'll work on it when it's released.