-
I installed Evebox with sqlite on my server with suricata. It seems to run correctly, without errors.
It also collects events in the DB,
but doesn't show events in the interface.
And I can't understand t…
-
New custom Suricata rules were being pulled from /Malcolm/suricata/rules into the Suricata Docker container, but they are not active: no alerts for the new custom rules.
Is there any extra configuration to enable?
…
-
### Links
* [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
* [CISA Known Exploited Vulnerabilities (KEV) Catalog for CISA ICS Advisories Da…
-
##### My issue is:
New beginner with Cuckoo Sandbox.
I installed Cuckoo Sandbox following the documentation and configured it correctly.
When I upload a file and scan it, Cuckoo receives an error and doe…
-
Right now there is a [fixed set](https://github.com/idaholab/Malcolm/blob/cef8f9d6c953b1ebf79e718ee0a3183cbd157f09/logstash/pipelines/enrichment/21_netbox.conf#L15-L21) of log types that get enriched …
-
After `Firewall` dashboard, add a new `Firewall Authentication` dashboard:
```
observer.type:firewall AND event.category:authentication | groupby user.name | groupby -sankey user.name source.ip | grou…
```
-
BeeOnRope brought up some good points in this subthread of my HN post: https://news.ycombinator.com/item?id=21550453
I can see two main approaches to adaptation: whether to use an early exit for AS…
-
I don't have any file called: /opt/so/rules/nids/all.rules
I only have: /opt/so/rules/nids/local.rules
Thus, Suricata is not generating any alerts, since it has no rules.
Any advice on getti…
-
Add input filter that can read data from Suricata.