Derek Ditch
Per elastic/elasticsearch@7d3ae5442537560de5578894699e0b08a9848fcb, the node name for master eligible nodes that are in the initial cluster discovery must match exactly the node name of the instance. This means that if fqdn's...
Kafka scales by adding partitions. By default, we currently only create a single partition per topic. The number of partitions should be a multiple of the number of consumers. In...
Fighting the aging Python 2 dependencies of FSF has gotten a bit painful over the last several releases. I'd like to propose we move to [Strelka](https://github.com/target/strelka) which is published by...
When systems are offline and can't reach NIST servers they won't be able to sync time. We should keep sensor pointed to NIST by default (or maybe offer config option...
We're gonna take this one step at a time, but Bro is the largest step. Migrate the data to the ECS fields, possibly with alias fields.
Taking this one step at a time, but migration of Suricata shouldn't be too painful.
When IP doesn't exist on a management interface, it's not obvious why the deploy fails. See https://community.rocknsm.io/t/add-inventory-to-etc-host/163/3 **Expected**: A check occurs before catastrophic failure to indicate that no management IP...
On a single host build, the following tasks are not idempotent: * [rock-molecule-single-node-instance-1] => bro : Update GeoIP * [rock-molecule-single-node-instance-1] => bro : Update owner for ROCK bro scripts *...
We have existing automation around geoipupdate to update sensors for use by bro and logstash. The geoipupdate binary distributed by EPEL only works for the discontinued GeoIP v1 databases. The...