sof-elk issues

Live NetFlow fails with latest filebeat

this is blocking testing of the `feature/ecs` branch in a new VM. While the fix something that needs to be handled upstream, I'm mentioning it here for awareness. Upstream issue:...

philhagen

VM

IIS logs with domain.local not parsed

Hi @philhagen ! Testing some IIS logs with username format domain.local\username and they seemed to fail parsing because of the '.' Example log ``` 2024-05-29 21:10:57 192.168.1.47 POST /FOO/some/path/login.aspx -...

ttakvam

Sysmon logs not being parsed by logstash

I've pulled down the latest public VM and using it to analyze some Windows Event Logs. I used KAPE to collect and do initial parsing with the KAPE SOF-ELK module...

matthewerobison

Best practice for local Evtx ingestion

8

What is the optimal way to ingest offline copies of extracted Windows Event Logs (evtx files) into SOF-ELK? I love working in SOF-ELK, but I find myself in the situation...

aarislarsen

Refine post-merge hook script

Add conditional handling so e.g. logstash only restarts if its configuration files changed, etc. See https://stackoverflow.com/questions/4877306/list-changed-files-in-git-post-merge-hook

philhagen

sof-elk
sof-elk copied to clipboard

Metadata

Live NetFlow fails with latest filebeat

IIS logs with domain.local not parsed

Sysmon logs not being parsed by logstash

Best practice for local Evtx ingestion

Refine post-merge hook script

← Metadata

Owner

Metadata

sof-elk sof-elk copied to clipboard

Metadata

Live NetFlow fails with latest filebeat

IIS logs with domain.local not parsed

Sysmon logs not being parsed by logstash

Best practice for local Evtx ingestion

Refine post-merge hook script

← Metadata

Owner

Metadata

sof-elk
sof-elk copied to clipboard