can't upload empire_apt3_2019-05-14223117 to ES

[parahaoer]

I uploaded empire_apt3_2019-05-14223117 with kafkacat,but I could not find the index in kibana。And I didn't get any error.

[Cyb3rWard0g]

Hey @parahaoer , I hope all is well. Are you using the HELK as your Analytics platform? If so, the indices are already created for you. If you are using your own ELK make sure that you have your pipeline defined to be able to push the data to your own Elasticsearch index. Can you provide more information about your setup. One basic example can be found here: https://www.youtube.com/watch?v=OIXB1MSPDps

[parahaoer]

Of course, I use HELK as my Analytics platform. I think whether if the empire_apt3_2019-05-14223117.json file is too big to upload it to HELK

[parahaoer]

Yesterday,I can upload the json file of mordor small_datasets. But now, I upload the empire_apt3_2019-05-14223117.json to HELK. But I can't find the index in kibana

[jsecurity101]

Hey @parahaoer, Can you specify if you are using the Mordor AWS environment or a local pull of this repo with HELK?

Also, inside of HELK how far back are you putting your timespan? It needs to be set to go back to May 14th, 2019.

[parahaoer]

I solved the problem. I reinstalled HELK！ My system root is full. After I added space to the root directory, the problem occurred. I reinstalled HELK,it worked

[parahaoer]

@Cyb3rPanda @jsecurity101 Can you tell me what is the role of the HFDC01 host in in Shire Network?

[jsecurity101]

@parahaoer, The host HFDC01 is the domain controller for the shire.com network.

[jsecurity101]

I am happy you have solved this problem! Because the problem is solved, I will be closing this issue. If you have any other questions/issues, please never hesitate to post an issue. Thanks!

[Cyb3rWard0g]

Hey @parahaoer , if you want more information about each endpoint in the environment you can use this a reference : https://github.com/Cyb3rWard0g/mordor/tree/master/environment/shire/aws/Date_Documentation