dsvetlov
The use cases and implementation process for this framework are not clear. Kindly ask everybody who is concerned to discuss it. From my point of view. These "tactics and technics"...
Hi all, I have seen an interesting [discussion about RP usage](https://github.com/atc-project/atomic-threat-coverage/issues/173#issuecomment-606992118). I would like to talk about your and my use cases for response playbooks. In my ATC installation, RPs...
Does 411 support ES 7.0?
For lumberjack inputs to work properly, we need to generate an SSL certificate for logstash in the playbook.
Alerts of Rule: 596 (level 5) -> 'Registry Integrity Checksum Changed Again (3rd time)' are not parsed correctly.
Alerts of Rule: 533 (level 7) -> 'Listened ports status (netstat) changed (new port opened or closed).' are not parsed correctly.
Now users can access dashboards only by typing their URL in the browser. It's possible to load a dashboard into elasticsearch, so it will be available in the Kibana standard menu.
It's good to display events from perimeter IDS/IPS (like Snort) and firewalls (like Cisco ASA or Cisco router).
Hello, the request parameter TTL was deprecated a long time ago. Since ES 6.4 it is no longer acceptable.
I tried to do it, but as I understand it is possible only with ruby code. I suggest implementing it in this filter. Now in the output of cef...