weslambert
While we typically don't have issues pulling PCAP using the authoritative VXLAN connection record, the logic that ties back alerts and other events could be improved to pull PCAP more...
It might be nice to have an option to automatically extract IPs, domains, URLs, hashes, etc. into observables if an event is escalated to a case. We could look for...
Consider allowing analyzers to natively perform actions (based on results of analysis) through SOC without having to interface with Elasticsearch directly. For example: - Add a comment to an observable...
Currently, there is no way to handle file observables safely and effectively within SOC. We should provide an architecture and guardrails around file operations and uploads through analyzers.
Consider adding the ability to leverage a templated view for analyzer results as opposed to raw JSON for lengthy results. While we do provide a brief summary of the results...
Up until now, all Strelka communication has been local to a node. With the option to upload files to the cluster from an external source like an analyst workstation, we...
Create TLS certificate for use with nginx for all nodes running sensor services
Observed on Ubuntu 18 Network Install. Hostname was modified even though the preflight check failed. It is expected that no changes should be made to a box if there is any...
https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-filestream.html