-
Remove field `event.original` from index setting `index.query.default_field` as this field is by design not searchable. (https://www.elastic.co/guide/en/ecs/current/ecs-event.html#field-event-original…
-
Including Trend-Micro Locality Sensitive Hash (TLSH) as a plugin for VQL in Velociraptor via e.g. https://github.com/glaslos/tlsh would allow generating fuzzy hashes of files on clients to be able quer…
-
### Request Type
Bug
### Work Environment
| Question | Answer
|---------------------------|--------------------
| OS version (server) | Ubuntu 20.04
| Cortex version / git…
-
When ingesting SSE data from a local file (using a modified version of local_synchronizer.py), the additional_names data and external_references are not processed on the target system.
## Environmen…
-
Elastic-Stack 8.4.0
AbuseCH 1.7.0
Three Log examples:
`Cannot index event publisher.Event{Content:beat.Event{Timestamp:time.Date(2022, time.August, 29, 22, 31, 24, 50266838, time.Local), Meta:{…
-
## Description
When running connectors/stream/backup-files/src/backup-files.py the resultant output data for artifacts does include the actual file data in the bundles.
## Environment
1. OS (wh…
-
In this video I look for C2 traffic by doing something I call Rinse-Repeat Threat Hunting,
which is a method for removing "normal" traffic in order to look closer at what isn't normal.
The video …
-
## Description
Hey Team,
I am noticing that not all my data connectors are running even though they are not displaying errors and all related services are up and running. I am using portainer to …
-
### Description
Our current Abuse.ch provides coverage for Threat Intel data from URL-based indicators, MalwareBazaar and more. Abuse.ch recently released Threat Fox, a community-driven project where…
-
Hi,
Today I came across a fatal issue in PeNet when I analyzed a malware sample that I found on MalwareBazaar. The sample size is 554 kB and its type is an xll file (an Excel plugin of some kind).
…