Mikhail Kasimov
Hello! In ```maltrail.conf``` to add support for ```SYSLOG_SERVER``` and ```LOGSTASH_SERVER``` options in ```[Server]``` section to make it possible to send messages to remote syslog/SIEM about successful and failed log-ins: ```...
Hello! In the current state we have just the result of the analysis, without any details/summary for: a) what file was analysed, b) size of the file that was analysed, c) time that was taken...
Hello! ```python-3.6-pylint``` for: ```/sensor.py```: ```W: 18, 0: Uses of a deprecated module 'optparse' (deprecated-module)``` ```/server.py```:```W: 14, 0: Uses of a deprecated module 'optparse' (deprecated-module)``` Refs: [1] https://stackoverflow.com/questions/3217673/why-use-argparse-rather-than-optparse [2] https://peps.python.org/pep-0389/ [3]...
Hello! Active bazarloader malware generates multiple connections to ```.bazar``` domains. Fortunately, for one single ```.bazar``` zone. Currently all requests to ```.bazar``` zone are covered by ```domain (suspicious)``` detection. But if...
Hello! Subj. E.g.:

```
SYSLOG_SERVER=192.168.1.15:514
SYSLOG_SERVER_1=192.168.1.16:514
SYSLOG_SERVER_2=192.168.1.17:514
...
LOGSTASH_SERVER=192.168.1.15:5000
LOGSTASH_SERVER_1=192.168.1.16:5000
LOGSTASH_SERVER_2=192.168.1.17:5000
```

to send info simultaneously to various log servers/SIEMs.
Hello! E.g. admin wants to parse all ```elf_mirai``` detections during the ```last week | 2 weeks | month | 3 months | 6 months | 12 months | etc ```...
Hello! Subj. Can be useful for cases when two parameters have close results (marked in red) and there is a need to temporarily hide one line to see the other one normally.
Hello! I do not remember, if I put such issue before, but -- an idea to put ```HTTP:GET|POST``` instead of current ```HTTP``` in ```Type``` tab of GUI. It won't take...
In case of multiple detection of some trail (static+N), to put a detection "cloud" in the ```info``` section with the detection names that were met in all triggered trails. Doable?