logstash
Here are 939 public repositories matching this topic...
-
Updated
Jul 6, 2020
Use this checklist to track logstash wiki and documentation
- Update https://github.com/Cyb3rWard0g/HELK/wiki/Create-Plugins-Offline-Package
- Update HELK overview picture
- Remove AlienVault integration
- Update with new indexes #256
- Document catch all for Windows
- Document indexme catch all
- some general guideline on X amount of devices and or X amo
-
Updated
Jul 3, 2020 - HTML
-
Updated
Jun 20, 2020 - Shell
NOTABUG, but it doesn't look like you have a development mailing list.
I wrote up a project on doing structured logging using logstash-logback-encoder, and have been wondering if there are any other examples or written guidelines out there. Is there a repository for this?
-
Updated
Jun 29, 2020 - Java
Adding a way to clear the screen and mark a line is a good idea, as we might have several lines/pages on each update and it can be hard to know where to start reading.
Clear will also clear the stored buffer, and mark can be used to track some event.
For clean, a small button/trash is probably good enough; mark would be great if you could click or select with the mouse.
-
Updated
Jul 3, 2020 - CSS
Describe the bug
When using init_kibana.sh, the script creates a new logstash-vulnwhisperer-* index. This one is, however, empty.
When I create an index myself, I see the Elasticsearch hits. Since the UI elements are bound to the index ID of the created index, I c
-
Updated
Sep 13, 2018 - Roff
-
Updated
Jul 2, 2020 - Java
-
Updated
Jun 29, 2020 - Swift
-
Updated
Jul 4, 2019 - Go
Hey Mark,
Maybe it's worth distinguishing the purpose of this software, especially differentiating it against:
- encoders only
- handlers only
What do you think? I see colleagues being a bit confused about what it does and when to use what. E.g. consider the STDOUT/fluentd case where no sending is needed at all.
Thanks and regards
-
Updated
Feb 28, 2016 - Shell
-
Updated
Jan 22, 2020 - Java
-
Updated
Jul 4, 2020 - Shell
-
Updated
May 20, 2020 - Python
Would be good to see if this can be implemented into the GUI to make use of the data retrieved from the events.
email_from_field: "data.user"
email_add_domain: "@example.com"
Reference: https://elastalert.readthedocs.io/en/latest/ruletypes.html#email
As an alternative (or addition), it would be awesome if there was like an 'advanced' section for the rules that allowed you to writ
Hi DSIEM people,
Not really an issue per se, but I'm struggling to understand how you actually implement Intel Feeds for DSIEM.
From what I can gather, you are using Wise for Moloch to collect intel from various sources. But what I'm having trouble understanding is how you grab the normalized event, and then check the data in that event against a piece of intel.
I have read https://githu
-
Updated
Jun 23, 2020 - Python

Hi,
I tried to enable TLS via the default utility on the free feature, but wasn't successful. Could you create a simple tutorial for this?