weslambert
Consider using something like yara.compile() to pre-compile YARA rules before providing them to Strelka to prevent issues with bad rules. https://github.com/target/strelka/issues/410#issuecomment-1835061158
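The pre-compilation check suggested in the comment above, written out as an added example using yara-python (the `yara` module). This is not Strelka's or the commenter's code; the two rule sources are constructed for illustration, and whether the scanner you feed accepts a saved compiled bundle or wants the rule source is an assumption to confirm against its docs. Each rule is compiled on its own first, so one bad rule is reported by name instead of breaking the whole rule set.

```python
"""Validate and pre-compile YARA rules before handing them to a scanner.

Added example using yara-python; not Strelka's own code. The rule sources
below are constructed: one valid rule and one missing its closing brace.
"""
import tempfile
from pathlib import Path

GOOD_RULE = r'''
rule eicar_test_string
{
    strings:
        $s = "EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
    condition:
        $s
}
'''

BAD_RULE = r'''
rule broken_rule
{
    strings:
        $s = "x"
    condition:
        $s
'''


def check_rules(sources):
    """Try to compile each rule source individually.

    Returns (good, bad): good maps name -> source for rules that compile,
    bad maps name -> error text for rules yara rejects. Compiling each source
    separately means a single broken rule cannot poison the whole set.
    """
    import yara  # lazy import so the module loads without yara-python present
    good, bad = {}, {}
    for name, src in sources.items():
        try:
            yara.compile(source=src)
            good[name] = src
        except yara.Error as exc:  # yara.SyntaxError is a subclass of yara.Error
            bad[name] = str(exc)
    return good, bad


def compile_bundle(good, out_path):
    """Compile the surviving rules into one namespaced bundle and save it.

    The saved file can be reloaded with yara.load(). Pointing a scanner at the
    saved bundle rather than the sources is an assumption about that scanner.
    """
    import yara
    rules = yara.compile(sources=good)  # dict of namespace -> rule source
    rules.save(str(out_path))
    return rules


def demo():
    """Run the check, save the good rules, reload them and scan constructed data."""
    import yara
    good, bad = check_rules({"good": GOOD_RULE, "bad": BAD_RULE})
    with tempfile.TemporaryDirectory() as tmp:
        bundle = Path(tmp) / "rules.yarc"
        compile_bundle(good, bundle)
        reloaded = yara.load(filepath=str(bundle))
        sample = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
        hits = [m.rule for m in reloaded.match(data=sample)]
    return sorted(good), sorted(bad), hits


if __name__ == "__main__":
    good, bad, hits = demo()
    print("compiled:", good)
    print("rejected:", bad)
    print("matches:", hits)
```

Running this reports `bad` as the rejected rule and `eicar_test_string` as the only match on the reloaded bundle; in a deployment you would fail the rule update (or drop the offending files) whenever `bad` is non-empty, before anything reaches the scanner.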
There are many situations in which it would be useful to create SOC users in bulk. While this is currently possible by piping inputs and outputs, it would be ideal...
Only run Zeek if `global.mdengine` equals `ZEEK`.
Similar to `HiveAlerter`, allows the user to create events within [MISP](https://www.misp-project.org/) from Elastalert matches using the `MISPAlerter` class, and alert type of `mispalerter`. Rule format should be similar to the...
First of all, thanks for such an awesome tool! I really appreciate all of the effort that went into this project. However, I was wondering if the option already existed...
**Is your feature request related to a problem? Please describe.** Currently, we have to rely on comments to link a SQLECmd map file to a KAPE target file. We do...