clong / DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices
MIT License
4.64k stars, 987 forks

Swap Splunk for Invoke-IR ACE and Helk #43

Closed 1332530 closed 6 years ago

1332530 commented 6 years ago

This is not really an issue, but perhaps a direction that would be interesting for users, but also for the respective devs of the 2 projects.

A lot of props for PowerShell-based DFIR, and the HELK project contains very modular Sysmon configs, a Spark analytics layer, and an integration with Invoke-IR ACE.

I feel kinda cheap raising this without actually offering to help out, but my dev skills aren't tip-top =/

clong commented 6 years ago

Hi @1332530,

It's an interesting idea! That would require quite an overhaul of DetectionLab, and would probably belong on its own fork as I don't think it makes sense to actually replace Splunk in this project.