Marc Smeets

Results 72 comments of Marc Smeets

Would make sense to import all the IPs from Abuse etc into ES and query from there, match with imported IPs from red team (infra) and alarm when matched. Some...

After discussion with @fastlorenzo we are moving this out of the beta6 milestone, lower prio.

Should include a way to handle the situations where we are blocked by or get an error from one of the domain classifiers. For example, if the most recent check...

After discussion with @fastlorenzo, decided that this first needs restructuring of how we handle domain info. So this is pending on #270

Great to see this initiative. Would be great to achieve this. The stated list is still valid for any type of C2. With the exception of the rtops name fields...

Great to see a C2 creator that has already thought about logging 👍 JSON log format should be workable. Haven't used it yet, but Elastic has support for incoming JSONs....

Thanks for the example data! Really helps us get started (when we find the time). Wrt ATT&CK nrs, there are two parts: 1. RedELK just stores in the Elasticsearch fields...

Hey thank you for this. Looks really cool. Before merging, we would need to do some testing of this. The core RedELK developers do not use Sliver in their ops,...

You mean new user for the entire ops, or user-system combo?

I agree. I'm just thinking of the added value. At least in our ops we have new implant notification done near instantly via other means. Having also RedELK do this...