phil1090 issues

Repositories
Issues
Comments

Results 5 issues of


                                            phil1090

FEATURE: Support PCAP pivots for ICMP packets in SOC and Kibana

As an analyst, I need to be able to pivot on ICMP alerts or metadata and retrieve packets. Current support is TCP and UDP.

SOC

FEATURE: Add ability to show, export, and download one side of conversation in PCAP

An analyst could use the ability to filter the pcap view to one side of the conversation, i.e. client or server (leaving both as default), to optimize their pcap analysis....

SOC

PCAP

FIX: Ensure Hunt pivots on "*Missing" fields use correct search

The Hunt pivot on a missing field (from a multi-field aggregation) does not produce a useful search. For example, if the network.protocol field displayed "*Missing", pivots on the field would...

SOC

FEATURE: Add pivots for relational operators on numbers

An analyst could use additional pivots on a number field in Hunt: \> < maybe >= and

SOC

Support for Red Hat Enterprise Linux 8

could