evebox
evebox copied to clipboard
jasonish
Web Based Event Viewer (GUI) for Suricata EVE Events in Elastic Search
Most of the time I am interested in aggregated counts rather then individual alerts. I started out with ACID (yes that was a while ago ;) and then moved to...
Would it be possible to make it so you can archive alert IDs for the entire selected time range and not just the visible events on screen?
Hi, Thanks for your nice job, evebox is efficient and useful for us. Would you think it possible to add, as it exist in Snorby, a lookup source feature. You...
It would be nice to have a direct link to a dumpy generated pcap, instead of first opening the dumpy web page. Perhaps some sane defaults about the timerange can...
Hi, i have 2 different machine in which one of them runs suricata and the other one runs ELK stack. From my understanding, to use the evebox agent i need...
Hello, I'm trying to make Evebox connect to an Elasticsearch server using https with a certificate signed by a custom CA. I keep getting the following error: > 2022-08-12 10:13:11...
Many rules have a reference, add a link much like is done on https://rules.evebox.org.
Today I wanted to annotate an escalated event by adding a comment, but it seems this functionality had disappeared ? I used this in 0.16 and below, but I cannot...
For Logstash style indexes, EveBox should be able to delete indexes older than a certain date, much like the old `curator` tool. This does not apply to datastreams which should...
Is it possible to use the additional-fields as filters ? I've added the additional-field and it work I see in the data, but I am not able to filter with...
