espy
Endpoint detection for remote hosts for consumption by RITA and Elasticsearch
Hello, I'm getting this error when trying to install espy_1 | time="2022-08-15T09:06:55Z" level=fatal msg="Could not load configuration file" error="strconv.ParseUint: parsing "": invalid syntax" espy_espy_1 exited with code 1 espy_redis-server_1...
The current agent installation method using the powershell script (install-sysmon-beats.ps1) has several drawbacks, making it unsuitable for many production deployments: - Installation via powershell scripts is not a viable approach...
The agent installation script install-sysmon-beats.ps1 sets a winlogbeat configuration on the client that renders the TLS encryption useless, making the communication between client/agent and espy server prone to MitM. This...
Minor comment text correction needed on line 28 of espy.yaml CURRENTLY: # Ex: Password: "elatic's password" SHOULD BE: # Ex: Password: "elastic's password"
https://github.com/activecm/espy/blob/8833ed5c1e72cd94dbc00e3d910494edcaed6a4a/scripts/installer/stage/Espy/install_espy.sh#L135
Right now, Espy will always insert log entries into the Elasticsearch index "sysmon-YYYY-MM-DD". In the future, we might want to support sending the log entries to a user configurable index.
https://redis.io/topics/persistence AOF looks like a worthwhile venture. They recommend using the snapshots with AOF. We could probably release without it at first. Brainstorming notes: How much resources do we expect...