google / timesketch

Collaborative forensic timeline analysis
Apache License 2.0

SSH sessionizer regex is missing certain sshd messages #1858

Open itsmvd opened 3 years ago

itsmvd commented 3 years ago

The following types of sshd messages are not being picked up by the SSH sessionizer's regex.

[sshd, pid: 19774] Accepted password for admin from 1.1.1.1 port 62867 ssh2
[sshd, pid: 19774] Failed password for admin from 1.1.1.1 port 62867 ssh2
[sshd, pid: 23794] Connection reset by 1.1.1.1 port 10854 [preauth]
[sshd, pid: 27039] Connection closed by 1.1.1.1 port 55752 [preauth]
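As an added illustration (not Timesketch's own sessionizer code), the following Python snippet shows regexes that do match the four message types listed above and a minimal grouping of the parsed events by client (ip, port), which is the natural key for tying an Accepted/Failed line to the later close or reset. The sample lines are constructed from the issue's examples; the "invalid user" line and the pam_unix line are added by me, and the "invalid user" segment is a standard OpenSSH format that the issue itself does not show.

```python
import re
from collections import defaultdict

# Constructed sample messages: the four from the issue, plus one "invalid user"
# variant and one unrelated pam_unix line to show what is deliberately skipped.
SAMPLE_LINES = [
    "[sshd, pid: 19774] Accepted password for admin from 1.1.1.1 port 62867 ssh2",
    "[sshd, pid: 19774] Failed password for admin from 1.1.1.1 port 62867 ssh2",
    "[sshd, pid: 23794] Connection reset by 1.1.1.1 port 10854 [preauth]",
    "[sshd, pid: 27039] Connection closed by 1.1.1.1 port 55752 [preauth]",
    "[sshd, pid: 30012] Failed password for invalid user bob from 2.2.2.2 port 4242 ssh2",
    "[sshd, pid: 30013] pam_unix(sshd:session): session opened for user admin",
]

# The "[sshd, pid: N]" prefix exactly as it appears in the issue's messages.
_PREFIX = r"^\[sshd, pid: (?P<pid>\d+)\] "

# Authentication outcome:
#   Accepted|Failed <method> for [invalid user ]<user> from <ip> port <port> ssh2
_AUTH_RE = re.compile(
    _PREFIX
    + r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    + r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2$"
)

# Pre-auth connection teardown:
#   Connection reset|closed by <ip> port <port> [preauth]
_CONN_RE = re.compile(
    _PREFIX
    + r"Connection (?P<action>reset|closed) by (?P<ip>\S+) port (?P<port>\d+)"
    + r"(?P<preauth> \[preauth\])?$"
)


def parse_sshd(line):
    """Return a dict describing the event, or None if the line is not one of
    the handled sshd message types."""
    m = _AUTH_RE.match(line)
    if m:
        return {
            "pid": int(m["pid"]),
            "event": "auth_success" if m["result"] == "Accepted" else "auth_failure",
            "method": m["method"],
            "user": m["user"],
            "invalid_user": m["invalid"] is not None,
            "ip": m["ip"],
            "port": int(m["port"]),
        }
    m = _CONN_RE.match(line)
    if m:
        return {
            "pid": int(m["pid"]),
            "event": "connection_" + m["action"],
            "ip": m["ip"],
            "port": int(m["port"]),
            "preauth": m["preauth"] is not None,
        }
    return None


def sessionize(lines):
    """Group parsed events by client (ip, port).

    One client TCP connection corresponds to one sshd session attempt, so the
    (ip, port) pair links the Accepted/Failed line to the matching close/reset
    even though the messages carry no shared session id.
    """
    sessions = defaultdict(list)
    for line in lines:
        ev = parse_sshd(line)
        if ev is None:
            continue  # not an sshd message this parser knows how to sessionize
        sessions[(ev["ip"], ev["port"])].append(ev["event"])
    return dict(sessions)


if __name__ == "__main__":
    for key, events in sessionize(SAMPLE_LINES).items():
        print(key, events)
```

Note that the regexes are anchored at both ends and use named groups, so a new sshd message variant fails to match rather than being silently mis-parsed into the wrong fields; a sessionizer should log those unmatched lines so gaps like the ones reported in this issue are visible.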

berggren commented 2 years ago

Yeah, the sessionizers need a large refactor in general, and some cleanup/fixing. Do we want to keep them? If so, they need an overhaul.

itsmvd commented 2 years ago

Yes we should keep them. This can remain assigned to me for now.

berggren commented 2 years ago

Ack, thanks for the update!

jaegeral commented 1 year ago

@itsmvd do you plan to work on this or shall we unassign?

itsmvd commented 1 year ago

Please feel free to unassign, the SSH sessionizer needs a bigger rework in general imo.

On Tue, Mar 28, 2023 at 3:43 PM Alexander J wrote:

> @itsmvd do you plan to work on this or shall we unassign?
