sof-elk issues

Proper field name hygeine

3

How do you feel about this proposal for field names? **Field name standards (always follow):** 1. Only use lower case characters (“first_name” instead of “FirstName”) 2. Avoid special characters except...

SMAPPER

more extensive Snare parsing

parse out PID, PPID, etc, etc.

philhagen

test archived netflow import with CSV codec

1

does this make the data load faster? benchmark and test

philhagen

add screenshots

it probably makes sense to add some screenshots to the readme

philhagen

enrich bro dns logs

2

for any [answer] that is an IP, add to [ips] and grok to [answer_ip] for enrichment? passivedns makes this easy since each answer is its own log entry... may need...

philhagen

Parse Suricata logs

1

philhagen

overhaul sof-elk_clear.py to better handle sourcedirs

for example, bro logs don't all go into the 'logstash' index... conn* goes into netflow, http* into httpdlog, etc. the script needs to accommodate these scenarios, then use 'logstash' as...

philhagen

tor exit node determination

create filter plugin that takes a date and IP, then returns a binary flag on whether the IP was identified as a tor exit node at that time. requires historical...

philhagen

ZOMG COMMENT ALL THE THINGS

2

add attrib header to each file as well

philhagen

Put contributed parsing configuration files into user-specific directories

eg /configfiles-UNSUPPORTED/foousername/ (update the readme file(s) accordingly.)

philhagen

sof-elk
sof-elk copied to clipboard

Metadata

Proper field name hygeine

more extensive Snare parsing

test archived netflow import with CSV codec

add screenshots

enrich bro dns logs

Parse Suricata logs

overhaul sof-elk_clear.py to better handle sourcedirs

tor exit node determination

ZOMG COMMENT ALL THE THINGS

Put contributed parsing configuration files into user-specific directories

← Metadata

Owner

Metadata

sof-elk sof-elk copied to clipboard

Metadata

← Metadata

Owner

Metadata

sof-elk
sof-elk copied to clipboard