Phil Hagen
need a readme on exporting custom dashboards with submission guidelines for GitHub inclusion.
It was suggested to add a pie chart or other visualization of TCP flags. 
I think the field name has changed somehow.
parse out PID, PPID, etc, etc.
does this make the data load faster? benchmark and test
it probably makes sense to add some screenshots to the readme
for any [answer] that is an IP, add to [ips] and grok to [answer_ip] for enrichment? passivedns makes this easy since each answer is its own log entry... may need...
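As an added example of the enrichment described in that issue (this is not SOF-ELK code and not a finished Logstash filter), the following plain Ruby decides whether a passivedns [answer] is an IP literal and, if so, copies it to [answer_ip] and appends it to [ips]. A hash stands in for the Logstash event; in a real `ruby` filter the same logic would use `event.get`/`event.set`. The sample events are constructed. It goes slightly beyond the issue text by handling IPv6 answers and by leaving CNAME-style and malformed answers untouched rather than treating anything that looks numeric as an address.

```ruby
require 'ipaddr'

# Constructed passivedns-style events; hashes stand in for Logstash events.
SAMPLE_EVENTS = [
  { 'query' => 'www.example.com',  'answer' => '93.184.216.34' },
  { 'query' => 'www.example.com',  'answer' => 'example.com' },      # CNAME-style answer, not an IP
  { 'query' => 'ipv6.example.com', 'answer' => '2606:2800:220:1:248:1893:25c8:1946' },
  { 'query' => 'bad.example.com',  'answer' => '999.1.1.1' },        # numeric-looking but invalid
]

# Return the parsed IPAddr if str is a single IPv4/IPv6 host literal, else nil.
# CIDR-style strings (which IPAddr would accept) are rejected on purpose.
def parse_ip(str)
  return nil unless str.is_a?(String) && !str.include?('/')
  IPAddr.new(str)
rescue IPAddr::InvalidAddressError, ArgumentError
  nil
end

# Enrich one event in place: when [answer] is an IP, set [answer_ip] and
# append the address to the [ips] array (created if absent, no duplicates).
def enrich_answer(event)
  ip = parse_ip(event['answer'])
  return event if ip.nil?
  addr = ip.to_s
  event['answer_ip'] = addr
  event['ips'] ||= []
  event['ips'] << addr unless event['ips'].include?(addr)
  event
end

# Apply the enrichment to a list of events, returning new hashes.
def enrich_all(events)
  events.map { |e| enrich_answer(e.dup) }
end
```

Because each passivedns answer is its own log entry, the filter never has to split a multi-answer record; a separate [answer_ip] field keeps the original [answer] string intact for the CNAME case.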
for example, bro logs don't all go into the 'logstash' index... conn* goes into netflow, http* into httpdlog, etc. the script needs to accommodate these scenarios, then use 'logstash' as...
create filter plugin that takes a date and IP, then returns a binary flag on whether the IP was identified as a tor exit node at that time. requires historical...
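As an added example of the lookup such a filter plugin would wrap (not SOF-ELK code and not a packaged Logstash plugin), the Ruby below answers "was this IP a listed Tor exit node on this date?" against a set of date ranges per address. The exit-list data here is constructed; a real implementation would build the ranges from archived exit lists, which is the historical data the issue points to. Date granularity is daily, which matches how exit lists are typically published, and the timestamp is accepted as a Date or as an ISO 8601 string such as Logstash's @timestamp.

```ruby
require 'ipaddr'
require 'date'

# Constructed history (assumption: the real plugin loads this from archived
# Tor exit lists). Each entry: address, first and last day listed, inclusive.
TOR_EXIT_HISTORY = [
  { ip: '198.51.100.7', first: '2015-03-01', last: '2015-03-20' },
  { ip: '198.51.100.7', first: '2015-06-01', last: '2015-06-15' }, # same relay listed again later
  { ip: '203.0.113.99', first: '2015-01-10', last: '2015-12-31' },
  { ip: '2001:db8::1',  first: '2015-05-01', last: '2015-05-31' },
]

class TorExitHistory
  def initialize(entries)
    @by_ip = {}
    entries.each do |e|
      key = IPAddr.new(e[:ip]).to_s # normalise the textual form (e.g. IPv6 compression)
      (@by_ip[key] ||= []) << (Date.parse(e[:first])..Date.parse(e[:last]))
    end
  end

  # Binary flag: true if ip was listed as an exit node on the given date.
  # Unparseable addresses or dates yield false rather than an exception,
  # so a single bad event cannot stop the pipeline.
  def exit_node_at?(ip, date)
    key = IPAddr.new(ip.to_s).to_s
    day = date.is_a?(Date) ? date : Date.parse(date.to_s)
    @by_ip.fetch(key, []).any? { |range| range.cover?(day) }
  rescue IPAddr::InvalidAddressError, ArgumentError
    false
  end
end

DEFAULT_HISTORY = TorExitHistory.new(TOR_EXIT_HISTORY)

# Convenience wrapper with the (ip, date) -> flag shape the issue describes.
def tor_exit_flag(ip, date, history = DEFAULT_HISTORY)
  history.exit_node_at?(ip, date)
end
```

Inside a Logstash filter plugin the `filter(event)` method would call `tor_exit_flag(event.get("src_ip"), event.get("@timestamp").to_s)` and store the result with `event.set("tor_exit", flag)`; the field names are placeholders, and the history object should be built once at plugin registration rather than per event.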