Comments (2)
Those were enabled by default in prior releases and, as you mentioned, they are still configured with all dependencies installed yet disabled by default now.
The reason is that I've found both of them to be unreliable and require extra effort to make work each time, every time (often updates to TimeSketch can break things that previously worked). One of the key foundations for Skadi is that everything "just works" and since these features don't, they're disabled by default now.
That said, all the dependencies are there for those who have the skill and time to turn them on and troubleshoot them. If someone does figure out how to make them work reliably then please let me know and those features can be enabled by default again.
The uploading can be done through SCP and/or CyLR, and the processing with insertion into the ELK stack can be done by CDQR, so the function of the uploading is in Skadi.
Example from existing Plaso file to TimeSketch format in ElasticSearch:
cdqr.py --plaso_db myfile.plaso --es_ts mycase
Too true! I'll side with you completely on that... One of the reasons I was so excited to find this project is due to the headaches I've had doing that exact thing with each new build.
I prefer the "just works" nature of Skadi over the additional features.... If I can find some time to get it working, I'll reopen the convo.
Thanks again.