Jason Ish

Results 102 comments of Jason Ish

Try this in the search box: `sensor-name.keyword:"AAAA-BBB-12"` I think what Elasticsearch does is analyze/tokenize the value, and that is what you are searching against with just `sensor-name`, however,...
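Added example, not code from the thread or from EveBox: a small model of why a query against `sensor-name` and one against `sensor-name.keyword` return different hits. The `analyze` function is an assumed, simplified stand-in for Elasticsearch's standard analyzer (lowercase, split on non-alphanumerics), not the real Lucene analyzer, and the sample values are constructed.

```python
import re

# Constructed sample values for a `sensor-name` field, as if indexed from EVE records.
DOCS = {
    1: "AAAA-BBB-12",
    2: "AAAA-BBB-12-OLD",
    3: "aaaa-bbb-12",
    4: "AAAA-CCC-12",
}


def analyze(text):
    """Assumed simplified 'standard analyzer': lowercase, split on non-alphanumerics."""
    return [tok for tok in re.split(r"[^0-9A-Za-z]+", text.lower()) if tok]


def phrase_match_analyzed(field_value, query):
    """Quoted query against the analyzed text field: the query is analyzed the
    same way and must appear as a contiguous run of tokens in the document."""
    doc_tokens = analyze(field_value)
    q_tokens = analyze(query)
    n = len(q_tokens)
    return any(doc_tokens[i:i + n] == q_tokens for i in range(len(doc_tokens) - n + 1))


def keyword_match(field_value, query):
    """Term query against the .keyword sub-field: the whole value, untouched."""
    return field_value == query


def search(query, exact):
    """Return the sorted ids of documents matching `query`; `exact=True` models
    searching `sensor-name.keyword`, `exact=False` models plain `sensor-name`."""
    matcher = keyword_match if exact else phrase_match_analyzed
    return sorted(doc_id for doc_id, value in DOCS.items() if matcher(value, query))


if __name__ == "__main__":
    print("sensor-name:", search('AAAA-BBB-12', exact=False))
    print("sensor-name.keyword:", search('AAAA-BBB-12', exact=True))
```

The analyzed field matches the sensor names that merely contain the tokens `aaaa bbb 12` in order (including `AAAA-BBB-12-OLD` and the lowercase variant), while the `.keyword` sub-field matches only the exact string, which is why the suggested query narrows the results.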

Closing as ebpf is enabled in the 6.0, 7.0 and git master containers already as can be seen with `--build-info`. Please open a new PR if more is required, or...

This looks like you may be using ECS which is still a work in progress? Are you using Filebeat with the Suricata module? If so, can you let me know...

Does your config look something like https://github.com/jasonish/evebox/wiki/Example-Filebeat-to-Logstash-Configuration? There are many ways to get the data into Elastic that all result in slightly different schemas, so I need as much detail...

Ok. This is a setup I haven't tested recently. Even though `ecs` might be present, Suricata events are only converted to `ecs` format when using the Filebeat Suricata module. So...

I'm initially curious why other protocols aren't having the same issue, or maybe they are, as this pattern is used throughout.

Observation. In master branch without this patch: - by default, the `alert` record DOES NOT get the `pgsql` metadata - with `--simulate-ips`, the `alert` record DOES get the `pgsql` metadata...

> I vaguely remember a discussion where something connected was mentioned - by you, I think? Where we'd see different results between IDS/IPS... There are differences. Detection is run earlier...

Am I hearing that enabling bypass is often too broad? And the ability to bypass on a protocol by protocol basis should be easier to configure? Unfortunately, I don't have...

Converting to draft. This has a similar issue to the generated diagrams. If we generate the `rst` documentation in `conf.py`, `make distcheck` will fail, as when the documentation is generated,...