Sascha Steinbiss
I noticed that there is no license distributed with these files. Please provide one (e.g. BSD, ...) - this would make it easier to use these tools in a larger...
Previous PR: #11053

Changes to previous PR:

* Add new `suricata.yaml` options to EVE Output documentation page.
* Update example `outputs` section in documentation.

## Ticket

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6984

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1826
DNSMonster seems to have had success with using Clickhouse for storage and indexing. It might make sense to investigate its use for balboa as well.
This PR addresses #35, allowing a query for more than one sensor ID in the `entries()` query. This is backwards compatible, since ```graphql query { entries(rdata:"1.2.3.4", sensor_id:["foo"]) { rrname sensor_id...
It would be nice to have GELF (https://docs.graylog.org/en/4.0/pages/gelf.html#gelf-payload-specification) compatible JSON logging output, as an additional logging option.
Suricata will get support for more DNS data from its parser: https://github.com/OISF/suricata/pull/5331 We need to make sure that this does not impact the Suricata feeder and also make use of...
It should be possible to purge data from a database, selected via some matching indicator. An example would be deleting all observations from a specific sensor ID.
Perhaps it is a good idea to see whether one could use https://github.com/google/oss-fuzz to fuzz-test the feeder components and the C backend.
At the moment, we have some first unit tests. This is fine to check correctness at a fine granularity. It would be nice as well to have a test case...
At least for the FEVER input, the feeder receives the IP of the answering DNS server. It could be useful to be able to store and query these data in...