clong / DetectionLab

Automate the creation of a lab environment complete with security tooling and logging best practices
MIT License

Feature request; Data amount control #778

Closed nickjenkins83 closed 2 years ago

nickjenkins83 commented 2 years ago

Hi Chris, awesome project! Would it be possible to bake in a sort of control for how much data the lab collects? For example: Minimal (most important logs/alerts), Moderate (prod style), Allthedata (for all data).

That way those with less system resources are still able to use the lab as it should be.

If this isn't possible maybe just some suggestions in the readme on different ways to adjust how much data the lab takes in?

clong commented 2 years ago

Hi Nick -- definitely understand the desire for this. By far, the most data collection happens from Windows Event Logs. You could fine-tune this by filtering out specific event codes, or even disabling entire WEF subscriptions. For an example of how to do some filtering in Splunk, check out https://github.com/clong/DetectionLab/blob/master/Vagrant/resources/splunk_server/transforms.conf#L17-L25
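As an added illustration of the event-code filtering described above (this is an example written for this thread, not the configuration shipped with DetectionLab), the following props.conf and transforms.conf stanzas route a chosen set of high-volume Security event codes to Splunk's nullQueue so they are never indexed. The sourcetype name WinEventLog:Security and the three event IDs (4658, 4690, 5156) are assumptions for the example; substitute the sourcetype your forwarders actually emit and the codes you decide to drop.

```ini
# props.conf
# Must live on the Splunk instance that parses the data (indexer or heavy
# forwarder); a universal forwarder does not run the parsing pipeline.
# Assumption: forwarded events arrive with sourcetype WinEventLog:Security.
[WinEventLog:Security]
TRANSFORMS-drop_noisy = drop_noisy_security_events

# transforms.conf
# Any event whose EventCode line matches the list is sent to nullQueue and
# discarded before indexing. Sample set chosen for volume, not for safety:
#   4658  handle to an object was closed
#   4690  attempt to duplicate a handle
#   5156  Windows Filtering Platform permitted a connection
[drop_noisy_security_events]
REGEX = (?m)^EventCode=(4658|4690|5156)\b
DEST_KEY = queue
FORMAT = nullQueue
```

After deploying the stanzas, restart or reload the parsing tier and confirm the drop with a search such as `index=wineventlog EventCode=4658` returning nothing for new events. Events sent to nullQueue are gone for good, so treat a "Minimal" profile as a deliberate trade: anything that depended on those codes (for example, detections keyed on 5156 network connections) will stop firing, and the regex only matches the classic text rendering of events; XML-rendered events need a different pattern.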