Phil Hagen

ZOMG COMMENT ALL THE THINGS

2

add attrib header to each file as well

eg /configfiles-UNSUPPORTED/foousername/ (update the readme file(s) accordingly.)

Keep original message in all cases

1

before parsing anything, keep original message - probably in a non-analyzed string

Pull TLD from domains

3

can we pull TLD from domain data? Would be useful for pivoting to other intel sources, etc.

Without fail, running a `client.bulk_upload()` times out at 30 seconds, even on small files. If I invoke with a longer timeout, I get a 502 from the server. Code used:...

`cert_chain_fuids` and `client_cert_chain_fuids` are not logged

5

Documentation widely reflects that `cert_chain_fuids` and the client equivalent are logged in `x509.log`, but this is not the case. `cert_chain_fps` and the client equivalent are logged, but these have no...

https://www.cyberciti.biz/open-source/command-line-hacks/ag-supercharge-string-search-through-directory-hierarchy/ Multithreaded `grep -rail` equivalent

currently is a string - explicitly convert to float

remove the dynamic heap size calculations

2

elasticsearch seems to do this automatically now. validate and remove if so.

Consider "time in pipeline" calculation

1

See https://github.com/HASecuritySolutions/Logstash/tree/master/configfiles-OPTIONAL from @SMAPPER for root idea