-
Hello
I created a new logstash codec plugin for IDMEF based on the RFC 4765: https://tools.ietf.org/html/rfc4765
IDMEF: Intrusion Detection Message Exchange Format
As described in https://www.e…
ToToL updated
4 years ago
-
the following endpoints are unreachable (404 not found):
sudo wget https://raw.githubusercontent.com/a3ilson/pfelk/master/conf.d/01-inputs.conf
sudo wget https://raw.githubusercontent.com/a3ilson/…
-
Originally reported at https://bugzilla.redhat.com/show_bug.cgi?id=2245828
Example error from pytest:
```
______________________ AggregatorTestCase.test_aggregator ______________________
sel…
```
-
In a multi-tenant type source environment, I have two discrete values to log with each event:
- Event business org source (OrgAlpha, OrgBravo, OrgCharlie)
- Event explicit log origin type (zeek, p…
-
Hi,
It has been a while since I used SELKS and I wanted to check version 6.
So it is a brand new install in a VM, followed the instructions (post install config, including the Nginx check and rest…
-
I was made aware of this through a Suricata forum post: https://forum.suricata.io/t/bad-option-value-formatting-possible-missing-semicolon-for-keyword-content/4865
After checking for the fix for ht…
-
It doesn't appear that there is any documentation on how to manage data in RockNSM as far as disk utilization goes. For instance in my lab after about a week, Kibana is unresponsive. Probably because …
-
Reference previous issue where we changed Eval to use Suricata for PCAP by default:
https://github.com/Security-Onion-Solutions/securityonion/issues/12878
-
Current event logic for tracking dispatched/received/rate on monitored segments works when a single sensor (say, a Suricata box) is monitoring the segment. But in cases where multiple sensors monitor …
-
The SELKS device fails after 10 days of traffic.
![Screenshot_20190326_140653](https://user-images.githubusercontent.com/5064337/54999605-e24d0100-4fd0-11e9-97fe-a44b37c102c9.png)
~# systemctl sta…