dfir
Here are 222 public repositories matching this topic...
We need to update the documentation to reference the use of the newly updated hive_host field (no longer need hive_host/hive_port, as hive_host serves for both host and port).
See: Yelp/elastalert#2416 for more details.
- Operating System Version: Windows 10
- Provider (VirtualBox/VMWare): Terraform
- Vagrant Version: N/A
- Packer Version: N/A
- Are you using stock boxes (downloaded) or were they built from scratch using Packer? Terraform
- Is the issue reproducible or intermittent? Attempting to reproduce DetectionLab - Terraform issue #370
Please verify that you are building from an updated Master bran
- split commands into command, argument structure, and example, i.e. Command: cmstp.exe; ArgStructure: /ini /s <inf_file>; Example: cmstp.exe /ini /s c:\cmstp\CorpVPN.inf
- [ ] Provide the project in DB format (sqlite)
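As an added example (not code from the project or the comment above), here is one way the proposed record shape can be parsed into the three fields, loaded into a sqlite table, and then used for the thing a detection engineer wants it for: checking whether a process command line instantiates a known argument structure. Only the cmstp.exe line comes from the page; the second sample entry, the table name `lolbins` and the `<placeholder>` matching rule are assumptions.

```python
from __future__ import annotations

import re
import sqlite3
from dataclasses import dataclass
from typing import List, Tuple

# Constructed input in the "Command: ...; ArgStructure: ...; Example: ..." shape used in
# the comment above. The cmstp.exe line is the page's own; the second line is a made-up
# placeholder entry, not a real LOLBin.
SAMPLE_ENTRIES = [
    r"Command: cmstp.exe; ArgStructure: /ini /s <inf_file>; Example: cmstp.exe /ini /s c:\cmstp\CorpVPN.inf",
    r"Command: example.exe; ArgStructure: /load <dll_path>; Example: example.exe /load c:\temp\payload.dll",
]

FIELD_RE = re.compile(
    r"Command:\s*(?P<command>[^;]+);\s*ArgStructure:\s*(?P<args>[^;]+);\s*Example:\s*(?P<example>.+)$"
)


@dataclass(frozen=True)
class LolbinEntry:
    command: str        # binary name, e.g. cmstp.exe
    arg_structure: str  # argument template with <placeholders>
    example: str        # one concrete invocation


def parse_entry(line: str) -> LolbinEntry:
    """Split one 'Command: ...; ArgStructure: ...; Example: ...' line into its fields."""
    m = FIELD_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised entry: {line!r}")
    return LolbinEntry(m["command"].strip(), m["args"].strip(), m["example"].strip())


def build_db(lines, path: str = ":memory:") -> sqlite3.Connection:
    """Load entries into a sqlite table; (command, arg_structure) is the natural key."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS lolbins ("
        " command TEXT NOT NULL, arg_structure TEXT NOT NULL, example TEXT NOT NULL,"
        " UNIQUE(command, arg_structure))"
    )
    for line in lines:
        e = parse_entry(line)
        conn.execute(
            "INSERT OR IGNORE INTO lolbins VALUES (?, ?, ?)",
            (e.command, e.arg_structure, e.example),
        )
    conn.commit()
    return conn


def lookup(conn: sqlite3.Connection, command: str) -> List[Tuple[str, str]]:
    """All known argument structures (with example) for one binary, case-insensitive."""
    return conn.execute(
        "SELECT arg_structure, example FROM lolbins WHERE lower(command) = lower(?)"
        " ORDER BY arg_structure",
        (command,),
    ).fetchall()


def structure_to_regex(command: str, arg_structure: str) -> re.Pattern:
    """Turn 'cmstp.exe' + '/ini /s <inf_file>' into a regex over a full command line.

    A <placeholder> accepts one quoted or unquoted token; literal tokens are escaped;
    the binary may appear bare or after a path separator (assumed matching rule).
    """
    tokens = []
    for tok in arg_structure.split():
        if tok.startswith("<") and tok.endswith(">"):
            tokens.append(r'(?:"[^"]*"|\S+)')
        else:
            tokens.append(re.escape(tok))
    pattern = r"(?:^|[\\/])" + re.escape(command) + r"\s+" + r"\s+".join(tokens) + r"\s*$"
    return re.compile(pattern, re.IGNORECASE)


def match_cmdline(conn: sqlite3.Connection, cmdline: str) -> List[Tuple[str, str]]:
    """Which (command, arg_structure) rows does a process command line instantiate?"""
    hits = []
    for command, arg_structure in conn.execute(
        "SELECT command, arg_structure FROM lolbins ORDER BY command, arg_structure"
    ):
        if structure_to_regex(command, arg_structure).search(cmdline):
            hits.append((command, arg_structure))
    return hits


if __name__ == "__main__":
    db = build_db(SAMPLE_ENTRIES)
    print(lookup(db, "cmstp.exe"))
    print(match_cmdline(db, r"C:\Windows\System32\cmstp.exe /ini /s c:\cmstp\CorpVPN.inf"))
```

Keeping the argument structure and the example as separate columns is what makes the second use possible: the example documents the technique, while the structure is generic enough to match the command line of a process-creation event without hard-coding one file name.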
Bug / Feature Request
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Debian |
| OS version (client) | 10 |
| TheHive version / git hash | 4 RC1 |
| Package Type | DEB |
Problem Description
There are no longer any default dashboards
Possible Solutions
Add the default da
I want to use my Windows machine for Timesketch development. Need to see if it's possible, and document the progress for others.
Hi Florian, I have detected a rule with a false positive, triggering a DDE alert.
Rule: Office_OLE_DDE {
The file, related with iTunes updates, that is triggering the rule is:
http://swcdn.apple.com/content/downloads/56/00/091-97366/e23k1iiixvzrghv5grhee3kss1aqarqexq/AppleMobileDeviceSupport64.msi
File command detects it as:
AppleMobileDeviceSupport64.msi: Composite Document File V2 D
Description
The API doc doc/api.rst doesn't mention the Accept: header.
Environment
| Question | Answer |
|---|---|
| Git commit | 3e85d9597799e49d6336ba88ac070d4ba05a33ec |
| OS version | n/a |
| Browser | n/a |
Expected behavior
It should be documented that the API expects to receive Accept: application/json a
I was wondering about the benefit of using Modular File Management vs Single Config File Management. Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks.
We allow multiple commands to be specified by:
https://github.com/Netflix-Skunkworks/diffy/blob/master/diffy/config.py#L199
and
https://github.com/Netflix-Skunkworks/diffy/blob/master/diffy/config.py#L194
These are then issued in series on the host. However when multiple commands are passed the output is not properly collected in a valid json format. Moreover we have no way to separate ou
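As an added example (not diffy's own code), this is the collection shape that avoids the problem described in the issue: each command in the series gets its own JSON object, so outputs can never run together, and a command that itself emits JSON is kept structured while anything else stays as raw text. Executing through a local shell stands in for diffy's remote execution; the `Runner` callable, the record field names and the sample commands are assumptions.

```python
import json
import subprocess
from typing import Callable, Dict, Iterable, List, Tuple

# A runner executes one command string on the target and returns (stdout, stderr, returncode).
# Local subprocess execution stands in here for remote execution (assumption).
Runner = Callable[[str], Tuple[str, str, int]]


def local_runner(command: str) -> Tuple[str, str, int]:
    """Run one command through the local shell and capture everything it produces."""
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout, proc.stderr, proc.returncode


def run_commands(commands: Iterable[str], runner: Runner = local_runner) -> List[Dict]:
    """Issue the commands in series, keeping each command's output in its own record
    so that results from different commands can never be concatenated into invalid JSON."""
    records = []
    for cmd in commands:
        stdout, stderr, rc = runner(cmd)
        record = {"command": cmd, "returncode": rc, "stdout": stdout, "stderr": stderr}
        # If the command itself emitted JSON, keep it structured; otherwise leave it raw.
        try:
            record["parsed"] = json.loads(stdout)
        except json.JSONDecodeError:
            record["parsed"] = None
        records.append(record)
    return records


def collect_json(commands: Iterable[str], runner: Runner = local_runner) -> str:
    """One valid JSON document for the whole batch: a list with one object per command."""
    return json.dumps(run_commands(commands, runner), indent=2)


if __name__ == "__main__":
    # Constructed sample batch: one plain-text command, one that prints JSON.
    print(collect_json(["echo hello", "echo '{\"pid\": 1}'"]))
```

The return code and stderr are carried per command as well, since a failing command in the middle of a series is otherwise indistinguishable from one that printed nothing.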
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Ubuntu |
| OS version (client) | 10 |
| Cortex version / git hash | Fresh install from DEB |
| Package Type | DEB |
| Browser type & version | Firefox |
Problem Description
After updating database in Cortex, when the create adminis
I was wondering if you had any updated documentation that could be added. The most current documentation is for version 1.3.0 4 years ago, and I know there has been a lot of things added since then.
Thanks!
With the merge to allow Docker container execution per google/turbinia#488, update the documentation to explain how to use this feature.
expand/collapse tree currently links to windows, but text controls pop up a window. Put text and tree circle on the same horizontal rule, and give them both a similar border, drop the inheritance line from between them. (or possibly from the right hand side of the new border?)
Currently dumped credentials are not always easy to spot in the swap_digger logs especially for web credentials.
Also it would be better not to print duplicates and empty passwords
We should consider mentioning that the single process/standalone mode of Zeek is not suitable for setups with significant amounts of traffic in the quickstart guide at https://docs.zeek.org/en/current/quickstart/index.html.
At the moment it is quite possible to read through this and not realize that one will have to use a cluster in all settings that see a reasonable amount of traffic.
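As an added illustration (not part of the Zeek issue or the Zeek docs), these are the two `node.cfg` layouts such a note could contrast: the single-process standalone node that quickstarts show, beside a cluster with the roles split out and packet load balancing across several workers. Hostnames, the interface name, the worker count and the `pf_ring` load-balancing method (which requires PF_RING to be installed) are assumptions.

```ini
# Standalone: one zeek process does capture, analysis and logging.
# Fine for a lab or a lightly loaded link; it cannot keep up with a busy one.
[zeek]
type=standalone
host=localhost
interface=eth0

# Cluster layout for a link with real traffic (assumed hosts and sizing).
# Logger, manager and proxy are separate processes; packet work is spread over
# lb_procs workers on the sensor host, balanced with PF_RING (assumption).
[logger-1]
type=logger
host=10.0.0.1

[manager]
type=manager
host=10.0.0.1

[proxy-1]
type=proxy
host=10.0.0.1

[worker-1]
type=worker
host=10.0.0.2
interface=eth0
lb_method=pf_ring
lb_procs=4
```

Only one of the two layouts may be present in a given `node.cfg`; they are shown together here for comparison. The point for the quickstart is the second half: once capture drops appear on a standalone node, the fix is a worker pool, not tuning the single process.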