Doug Burks

Results 17 comments of Doug Burks

From https://docs.securityonion.net/en/2.3/best-practices.html#avoid-third-party-software-and-modifications: _hardening guidelines may break functionality, so if you must apply those hardening guidelines, we recommend testing thoroughly before deploying to production_

My point is that it's a **_known issue_** that hardening guidelines may break functionality. If you're going to implement hardening guidelines, then you must be prepared to implement your own...

@ckreibich Has anything changed since your last comment in 2020? Thanks!

@mavam For logs that don't already have community_id, we can enrich them using Elastic's community_id processor. However, in some cases, that processor doesn't find all of the information it's looking...

@mavam Yes, that's correct. We've considered updating our Elastic ingest parsers to set protocol where necessary, but from an overall architecture perspective it feels like all of this really should...

@ckreibich That's good news! Thanks for being willing to look into this! Avoiding the pivot via conn.log is definitely a valid concern, although personally I'd classify that as more than...

Hi @Reedtechno, thanks for the PR. Per our discussion today, it's probably best to keep disk-based shard allocation enabled because we really don't want to let the partition hit...