osdfir-infrastructure icon indicating copy to clipboard operation
osdfir-infrastructure copied to clipboard

Published 20 hours ago verified publisher icon google

Hashr integration

Open wajihyassine opened this issue 1 year ago • 1 comments

Name and Version

charts/osdfir-infrastructure

What is the problem this feature will solve?

Adding Hashr functionality into OSDFIR Infrastructure to build hash sets off processed data

What is the feature you are proposing to solve the problem?

Integrating Hashr into OSDFIR Infrastructure. This can be either directly in the Timesketch chart then would need to update the Timesketch config or within the OSDFIR Infrastructure to use as standalone.

What alternatives have you considered?

No response

wajihyassine avatar Jul 14 '23 20:07 wajihyassine

PR #140 adds the HashR importers for GCP, targz, rpm, zip, iso9660, deb

The importers for GCR, AWS, Windows and WSUS are still missing. They need a bit different configuration and some testing before they can be added.

Next step:

  • Add missing importers
  • Add the OSDFIR / Timesketch integration
  • Consider using GCP workload identity which is the recommended method. That way no need to export keys and can use the init-gke.sh script to bootstrap the service account.

jkppr avatar Apr 24 '24 20:04 jkppr