Justin Henderson

Results 8 issues of Justin Henderson

Is it possible for this project to get JSON support? Windows Sysmon with XML is auto-handled by most log agents to abstract the XML parsing away. However, Linux log agents...

enhancement

How do you feel about this proposal for field names?

**Field name standards (always follow):**

1. Only use lower case characters (“first_name” instead of “FirstName”)
2. Avoid special characters except...

Need to add tag for if geo information from geoip lookup matches certificate information

Need to add verification checks against state and possibly locality fields. Each has a finite list of valid fields that can be used to verify the contents.

Need to extract fields from the tls.issuerdn field similar to how it is done with bro_x509. Also, should consider flattening and renaming the tls fields to match x509.

Currently if a source_ip is IPv6 it gets moved to source_ip_v6. However, the DNS resolving does not account for this. Most likely just need to use if statements to account...

Logstash configs for bro x509 certificates need the certificate_not_valid_after and certificate_not_valid_before converted to dates from timestamps.

I have a fresh install of Ubuntu 16.04 and ADHD. However, I cannot get nova quasar to start. It fails with: /opt/nova/Quasar/quasar: line 7: cd: /usr/share/nova/sharedFiles/Quasar: no such file or...