Kansa
Distributed Kansa at Enterprise scale
@davehull Please DM me at your earliest convenience. I am an employee at a large financial institution and we have been continuing development of the Kansa project internally for the last 3 years. We've made a lot of really cool enhancements and we're interested in contributing them back to the community. Our IP/legal/openSource teams have asked me to reach out to you to start a dialog about the best way for us to contribute (pull/merge vs fork vs other). I'd love to talk with you about it.
We have successfully achieved running Kansa realtime against up to 150K endpoints with integration in our ELK stack and live metrics/dashboards, new IR modules, etc. We think the InfoSec community could really benefit from this work, and we could benefit from other contributors adding modules that fit in our enhanced framework. You can reach me on Twitter @Jon14119114
For anyone following this, there is going to be a talk at the SANS DFIR Summit presenting this. https://www.sans.org/event/digital-forensics-summit-2020/summit-agenda