This is in reference to Issue #492: CapMe needs to handle UDP better, found here:
https://github.com/Security-Onion-Solutions/security-onion/issues/492
As suggested within the issue, I modified cliscriptbro.tcl, callback.php, and SguildTranscript.tcl.
This PR contains changes within securityonion-capme (for cliscriptbro.tcl & callback.php), and attached is an updated SguildTranscript.tcl (attached as a txt file, since GH won't allow .tcl -- I can send the TCL file via email, if necessary).
Requests from both ELSA and Squert should now cause CapMe to automatically switch to the appropriate cliscript and query the appropriate event source, depending on where the request originated from, and if it was for TCP/UDP.
SguildTranscript.txt
Thanks, Wes