Logan Lembke
The installer currently generates self-signed certificates to encrypt communications to the Elastic server. We could replace the self-signed certificates by having users add volume mounts to replace the...
Add `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` to the agent script, which forces PowerShell to use TLS 1.2 rather than the default 1.0. This is only used to download Sysmon and WinLogBeat.
We should be able to create a dataset using the software normally and export that dataset so it can be re-used during QA cycles.
When viewing the Sysmon dashboard, the following error message is sometimes displayed: [image] The first case of this happening occurred in Microsoft Edge on Windows 10. After switching to Google...
https://github.com/activecm/espy/blob/8833ed5c1e72cd94dbc00e3d910494edcaed6a4a/scripts/installer/stage/Espy/install_espy.sh#L135
Right now, Espy will always insert log entries into the Elasticsearch index "sysmon-YYYY-MM-DD". In the future, we might want to support sending the log entries to a user configurable index.
https://redis.io/topics/persistence AOF looks like a worthwhile venture. They recommend using the snapshots with AOF. We could probably release without it at first. Brainstorming notes: How many resources do we expect...
I've been benchmarking the netflow codec for a tool that stitches IPFIX/netflow data together into bi-directional sessions. The codec seems to run well when ingesting data from SonicWall and...