Comments (3)
I like the idea. We never had need for filtering down per user, but I guess it depends on workflow. And to be fair, it is really easy to filter the operator's name in the input line.
I'm not sure about tying it to the input line as well. There is a reason that with CS we nowhere connect input with task or outputs: in our experience corner cases such as you mention above actually do happen, and happen more than we like to, including the situation when filebeat-logstash play catch up and ES hasn't stored the data yet. This results in parsing errors and overall lesser usability.
Now if you know a way to make this 100% working correctly that would be great! If not, I still happily accept your PR for filtering the operator name in the input name.
I kindly ask you to develop against the maindev branch. That branch will be version 2 of RedELK and has significant changes incl. ES upgrade, renamed fields, neo4j and jupyter integration, etc. Should be stable enough for you to start devving against in a few weeks' time.
I'm currently investigating the sleep plugin to see if logstash can wait for a small amount of time for the input line to be processed before the input line.
I'll test it for a while and if it's reliable I'll add it as a PR.
FYI I'm using RedELK with the latest version of ELK, I just needed to make some small changes in fields used by filebeat.
I'm closing this right now. I've added a registration of the name of the red team operator per input in commit 3216a8f.
Feel free to reopen when you feel differently.