evebox
evebox copied to clipboard
jasonish
Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
I am importing events to sqlite without elastic. But only alerts from 1 hour ago are shown. How can i fix that?
Due to an issue in dependency libraries, EveBox cannot connect to an Elasticsearch server using TLS by IP address. It must use a hostname. While untested, this probably applied to...
how to add field Reference & link SID in .json field ? for view in eve-box and send to SIEM . Sample References Url: doc.emergingthreats.net/2001583 thanks for support ! Best...
Hello, I tried searching for this in previous issues but my apologies if it has already been discussed. I was wondering if it would be at all possible to modify...
Running Suricata in IPS mode, I'm often most interested in alerts that were also alert.action:allowed. Typically these are edge cases that I haven't set to block but would like brought...
 It would be great if we could attach notes to particular IPs without clicking through to see the entire history or the individual IP report. A small note with...
Hi, When on the elasticsearch cloud, hot/warm architecture, the performance of showing full flowid stream is very poor. It takes 50-60 seconds to have some data show up, but sometimes...
Currently SQLite does not support reports. Ideally it should support the same reports that Elastic Search can, or at least a subset of them. Related to issue #93
Related comment: https://github.com/jasonish/evebox/issues/51#issuecomment-308870202 Provide a way to auto-archive (mute) alerts probably matching a filter. Most likely SID, SID/src-ip, or SID/src-ip/dest-ip as thats the aggregation that EveBox uses. Events matching this...