Tyler Morris
Minimega environment has been deployed to test scalability over a two week period. Virtual machines are being built out along with corresponding LME infrastructure.
In-progress. Current scale test is using only Windows 11 VMs.
Continuing to convert Sigma rules to ElastAlert
We have a working script that converts sigma rules to ElastAlert. Validation testing this script.
Have ElastAlert monitor index that houses alerts from within Kibana and send notifications. We can add sigma rule alerts to this index.
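As an added illustration of the Sigma-to-ElastAlert conversion mentioned in the two updates above (this is not the LME project's conversion script, which the page does not show), the following Python translates the common Sigma shape of a single `selection` block with `condition: selection` into the dict that becomes an ElastAlert rule file. The sample Sigma rule is constructed here; the `winlogbeat-*` index pattern, the level-to-priority mapping, the `debug` alerter and the `realert` setting are assumptions, and only the `contains`, `startswith` and `endswith` modifiers are handled.

```python
"""Minimal Sigma -> ElastAlert rule translation (added illustration; not the LME project's script).

Assumptions (not stated on the page): the Sigma rule has a single 'selection' block of
field: value(s) pairs, 'condition: selection', and the field names already match the
index mapping. Only the contains/startswith/endswith modifiers are handled.
"""
import json

# Sigma value modifier -> wildcard placed before/after the escaped value
MODIFIERS = {"": ("", ""), "contains": ("*", "*"), "startswith": ("", "*"), "endswith": ("*", "")}

# Sigma level -> ElastAlert priority (1 = most urgent); this mapping is an assumption
LEVEL_TO_PRIORITY = {"critical": 1, "high": 2, "medium": 3, "low": 4, "informational": 5}

# Characters that are operators in Lucene query_string syntax; '*' and '?' are left
# alone so Sigma's own wildcards survive the translation.
LUCENE_SPECIAL = set('+-=&|><!(){}[]^"~:\\/ ')


def escape_lucene(value):
    """Backslash-escape query_string operators so a literal value is matched literally."""
    return "".join("\\" + ch if ch in LUCENE_SPECIAL else ch for ch in str(value))


def field_clause(field_spec, values):
    """Translate one 'Field|modifier: value(s)' entry into a Lucene clause.

    A list of values for one field is an OR in Sigma semantics.
    """
    field, _, modifier = field_spec.partition("|")
    if modifier not in MODIFIERS:
        raise ValueError(f"unsupported Sigma modifier: {modifier!r}")
    pre, post = MODIFIERS[modifier]
    if not isinstance(values, list):
        values = [values]
    terms = [f"{pre}{escape_lucene(v)}{post}" for v in values]
    if len(terms) == 1:
        return f"{field}:{terms[0]}"
    return f"{field}:(" + " OR ".join(terms) + ")"


def selection_to_lucene(selection):
    """All entries inside one selection map are ANDed together."""
    return " AND ".join(field_clause(f, v) for f, v in selection.items())


def sigma_to_elastalert(rule, index="winlogbeat-*", alerters=("debug",)):
    """Build the dict that, dumped as YAML, is a complete ElastAlert rule file."""
    detection = rule["detection"]
    if detection.get("condition") != "selection":
        raise ValueError("only 'condition: selection' is handled by this example")
    return {
        "name": rule["title"],
        "description": rule.get("description", ""),
        "type": "any",                     # fire on every matching document
        "index": index,
        "filter": [{"query": {"query_string": {"query": selection_to_lucene(detection["selection"])}}}],
        "priority": LEVEL_TO_PRIORITY.get(rule.get("level", "medium"), 3),
        "alert": list(alerters),
        "realert": {"minutes": 0},         # do not suppress repeat hits of the same rule
    }


# Constructed sample Sigma rule (not from the page or from the Sigma repository)
SAMPLE_RULE = {
    "title": "Encoded PowerShell Command Line",
    "description": "powershell.exe launched with an encoded command",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": r"\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "condition": "selection",
    },
    "level": "high",
}

if __name__ == "__main__":
    print(json.dumps(sigma_to_elastalert(SAMPLE_RULE), indent=2))
```

To produce the file ElastAlert loads, dump the returned dict with `yaml.safe_dump` into the rules directory; the `debug` alerter only logs matches, so swap in the notifier you actually use (email, Slack, etc.) once the generated query has been checked against the index.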
Exploring adding this to an ansible playbook to automate the installation.
Issue was fixed with PR #632
Will provide examples of what documentation via a separate repo will look like.
This capability is being explored for its feasibility. We are currently putting together pro/con documentation on either using an ISO or OVA along with modifying the ansible playbooks to potentially...
A proof of concept has been posted within the [offline-installation](https://github.com/cisagov/LME/tree/offline-installation) branch.