Matthias Vallentin

Results 118 comments of Matthias Vallentin

@dougburks would piping the logs through an external tool that adds the extra column be an option?

Okay, so the `community_id` processor from Elastic would do the trick if it could use the right protocol, like `tcp`, `udp`, `icmp`, etc.? It sounds like this information is...

Even though it sounds nice, I would consider internal threading as an anti-feature. Threads don't scale; modern applications use a task-based method for concurrency. That said, creating a library that...

> Taffy cuckoo filters do support a `Union` operation - is that not what you're looking for?

That's great, I wasn't aware of it. Looking at [the implementation](https://github.com/jbapple/libfilter/blob/f5dc88014aa5c129e861de94b5740ada99b4ba9e/c/lib/taffy-cuckoo.c#L314), it seems...

Unfortunately the library only supports a `std::vector` where `T` is an integral type as input. If I had the time to maintain libbf, I would make the interface to...

Happy to support this effort!

When you say *→ Shuffle Workflow*, what are the requirements? Is this a HTTP POST request? Our [`http`](https://docs.tenzir.com/connectors/http) connector makes it possible to stuff events into the request body, if...

Looks great! A few points about the Tenzir boxes:

- **Sigma**: The [`sigma`](https://docs.tenzir.com/operators/sigma) operator watches a directory for new rules. When you add or remove a rule, it will update...

Now regarding your use case of sending Sigma rule matches as POST requests. At a high-level, you'd want to deploy something like this: ``` from | sigma /path/to/rules | to...

> In the "from |", it could also use "import |" I would assume, as to make check from storage?

The `import` operator is a sink (can only occur at...