philhagen/sof-elk

Issues

• Format Python scripts with Black

  #289 opened a year ago by za
  1

• M365 UAL JSON Logs Not Parsed

  #285 opened 3 months ago by joshlemon
  11

• Missing ZipFileName and FileSizeBytes fields in UAL logs for SharePoint/OneDrive folder download operations

  #340 opened 2 months ago by dsusin
  6

• nfdump2sof-elk.sh debug issue

  #339 opened 2 months ago by philhagen
  0

• Add KAPE-parsed Eventlog records to the Eventlog Dashboard

  #338 opened 2 months ago by MTekinAU
  3

• Sysmon logs not being parsed by logstash

  #335 opened 4 months ago by matthewerobison
  1

• Refine post-merge hook script

  #330 opened 6 months ago by philhagen
  1

• Add border to SOF-ELK image so Dark Mode looks better

  #329 opened 2 months ago by philhagen
  1

• remove the dynamic heap size calculations

  #286 opened 3 months ago by philhagen
  2

• domain-stats no longer works due to refactor

  #319 opened 3 months ago by StarkZarn
  4

• Request for more Zeek JSON log support

  #303 opened 3 months ago by davidszili
  6

• Consider "time in pipeline" calculation

  #310 opened 3 months ago by philhagen
  2

• XFF_IP Field Not Handling Multiple IPs properly

  #314 opened 3 months ago by funkwhatyouheard
  14

• convert iptables uptime to float

  #315 opened 3 months ago by philhagen
  0

• Fix Azure logstash parser in public release

  #296 opened 3 months ago by Pierre450
  1

• update nfdump version

  #287 opened 3 months ago by philhagen
  0

• Root volume does not exist. Getting this issue when I am trying this Image with HyperV

  #334 opened 4 months ago by Abhishekpathania01
  2

• EVTX in JSON format not being interpretted.

  #290 opened a year ago by gru3zi
  4

• Enable Security for ELK stack

  #333 opened 5 months ago by Aquariius
  1

• Best practice for local Evtx ingestion

  #332 opened 5 months ago by aarislarsen
  8

• azure-vpcflow2sof-elk.py generates empty output

  #331 opened 6 months ago by Jurkiseczek
  9

• Consider replacing logstash syslog input with filebeat processor

  #328 opened 7 months ago by philhagen
  0

• [SOF-ELK - DEV AND TESTING - ECS] - Syslog Snare not parsing properly

  #326 opened 8 months ago by BrianMer
  13

• [SOF-ELK - DEV AND TESTING - ECS] - Syslog not parsing properly

  #325 opened 9 months ago by BrianMer
  9

• identify supported configuration for remote `filebeat` log shipping

  #327 opened 9 months ago by philhagen
  0

• Live NetFlow fails with latest filebeat

  #324 opened 9 months ago by philhagen
  0

• SOF-ELK CentOS end of life

  #292 opened a year ago by maersk-matthewkelly
  1

• Azure Storage Logs StorageWrite not parsed

  #321 opened a year ago by tuzux8
  1

• NetFlow UDP 9995 not listening

  #320 opened a year ago by stijnos1991
  6

• Logstash randomly crashing when starting

  #317 opened a year ago by BrianMer
  2

• update snare parsing

  #318 opened a year ago by philhagen
  0

• Wrong command line options in Wiki/log2timeline and Plaso

  #312 opened a year ago by BrianMer
  1

• Broken link in Wiki/Virtual Machine README - Plaso

  #313 opened a year ago by BrianMer
  1

• Broken link in Wiki/KAPE-Support

  #311 opened a year ago by BrianMer
  1

• Create cloud acquisition/export README document

  #275 opened 2 years ago by philhagen
  3

• increase LS thread stack size

  #299 opened a year ago by philhagen
  1

• Experiment with removing filebeat metadata

  #297 opened a year ago by philhagen
  2

• update filebeat inputs to use filestream

  #295 opened a year ago by philhagen
  2

• Evaluate fingerprinting to generate consistent document_id field

  #298 opened a year ago by philhagen
  2

• Use uncompressed filebeat shipping

  #302 opened a year ago by philhagen
  1

• SOF-ELK integrate with opensearch

  #301 opened a year ago by oodog0126
  1

• Event Name and Type not being parsed from mobile logs for GWS

  #291 opened a year ago by megan201296
  3

• Parse additional Google Workspace Email logs

  #294 opened a year ago by megan201296
  3

• Typo in wiki

  #300 opened a year ago by Pierre450
  1

• Parse Additional Fields from CloudTrail

  #293 opened a year ago by vikas891
  6

• [Feature Request] Support for IPinfo IP to Country ASN database

  #288 opened a year ago by abdullahdevrel
  4

• Logstash Azure parser: add GraphAPI log

  #282 opened a year ago by Pierre450
  7

• Move `asnstr` to runtime fields

  #277 opened 2 years ago by philhagen
  0

• Ship with old-license GeoIP databases

  #279 opened 2 years ago by philhagen
  0

• Missing IIS file format

  #278 opened 2 years ago by funkwhatyouheard
  15