sof-elk
Configuration files for the SOF-ELK VM
Hi, I am experiencing problems with the processing of UAL logs exported from the GUI. In the Logstash logs I can see the following error: **[2022-08-21T15:00:18,976][WARN ][logstash.outputs.elasticsearch][main][78ba23061637f571536de8c17020910dffdb78b462421999c63525961184ceef] Could not index event to Elasticsearch. {:status=>400, :action=>["index",...
In testing the latest VM, I notice that sof-elk_clear.py removes indices, however it does not remove the log.json from the filebeats registry. Reloading logs via this script does not appear...
I have imported the public VM (20211006) into an AMI in AWS. I have done some simple testing attaching the resulting EC2 to my Workspace. SSH works, and the Kibana...
I was attending the 6 Jun class at Fort Gordon with Mr. Hagen as our instructor. I set up SOF-ELK to receive netflow v9 from my pfsense Firewall and conducted...
Zeek files output in JSON format are not parsed properly. Need to detect JSON and handle appropriately, ideally tagging as such early in the pre-processing phase
Following https://velociraptor.velocidex.com/velociraptor-to-elasticsearch-3a9fc02c6568 it should be quite feasible to integrate Velociraptor flows into SOF-ELK using logstash-input-http and logstash-codec-es_bulk . Would be really great to have the possibility to also use Velociraptor...
PECmd JSON should work now - add to the mix
Hi. This may be my error. I have opened port 5044 on the server and configured two servers (one filebeats on a linux host, the other WinLogbeats on a Windows...
e.g. `/etc/issue` should reflect EWB URL for FOR509, branding around specific class, etc. likely needs a variable set for the ansible-playbook command that defaults to "public" or something like that....
clear files that have been loaded and not modded in some time: https://pypi.org/project/filebeat-scrubber/