Ethan Robish

Results 45 comments of Ethan Robish

By default there is a socks proxy listening on port 1080 on localhost. If you'd like to make it available remotely you'll need to set the `BIND_INTERFACE` environment variable. https://github.com/ethack/docker-vpn#customizing...

I'm using the following workaround in VRL to format my timestamp in the default way ClickHouse expects: ``` .ts = format_timestamp(.ts, "%F %T%.9f") ?? .ts ``` I read in a...

Another thought: Would it be feasible in the long run to have the Watcher backend use the ElasticDSL backend similar to how the `ElastalertBackendDsl` does? https://github.com/SigmaHQ/sigma/blob/08ca62cc8860f4660e945805d0dd615ce75258c1/tools/sigma/backends/elasticsearch.py#L1191-L1202

You can use the default rita config in the repo. You need to provide your own directory for the Zeek logs though. Example: ``` CONFIG=./etc/rita.yaml LOGS=./zeek docker-compose run --rm rita...

If you are importing all 24 hours at once I'd recommend doing it an hour at a time instead. There's less for RITA to chew on at one time that...

1. Not sure if that is relevant to the core idea unless there are no other ways for intel.log to be populated with blacklist info. And there seems to be...

Just to be clear, I don't think this should replace rita-bl. A rita user requested it as an additional feature, but their main use case is supporting custom blacklists which...

Thank you for your suggestion! This should be doable, though it may take some time. An easier fix we could do right away is change the default working directory...

I think you might be running into this issue: https://github.com/activecm/rita/issues/493 I don't have a workaround though as I think we just need that issue fixed.

Rather than opening a new issue, I'll summarize what I see as the steps that can close this one: - [x] Add an option on `html-report` to specify what directory...