Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

handle multiple NetBox sites #449

Closed
mmguero opened this issue Mar 19, 2024 · 2 comments
Closed

handle multiple NetBox sites #449

mmguero opened this issue Mar 19, 2024 · 2 comments
Assignees
@mmguero
Labels
capture Relating to pcap-capture container enhancement New feature or request logstash Relating to Malcolm's use of Logstash netbox Related to Malcolm's use of NetBox sensor For issues dealing with the Hedgehog OS capture sensor upload Relating to PCAP and/or Zeek log ingestion
Milestone
v24.06.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Mar 19, 2024

NetBox has the concept of sites. Malcolm doesn't handle multiple sites very well (at all, really), it just lets the user provide a NETBOX_DEFAULT_SITE value that is checked against tags for upload and used for live capture.

We should allow multiple sites, which means we need to provide a way to associate captured data with a particular site. This includes:

  • uploaded pcap: the upload interface should allow the user to specify a site name to associate with files uploaded in a batch of PCAP files
  • hedgehog linux: when setting up capture hedgehog should allow the user to specify a site name
  • malcolm live capture: when capturing from local network interfaces we should allow Malcolm to specify a site (this might be the NETBOX_DEFAULT_SITE variable above)

This needs to come through for all uploaded data and captured with Zeek and Suricata. We could look at arkime as well although I'm not sure where it would be specified for arkime data. The value is stored today in source.device.site and source.segment.site and destination.device.site and destination.segment.site.
@mmguero mmguero added capture Relating to pcap-capture container enhancement New feature or request logstash Relating to Malcolm's use of Logstash upload Relating to PCAP and/or Zeek log ingestion sensor For issues dealing with the Hedgehog OS capture sensor netbox Related to Malcolm's use of NetBox labels Mar 19, 2024
@mmguero mmguero added this to the z.staging milestone Mar 19, 2024
@mmguero mmguero added this to Malcolm Mar 19, 2024
@mmguero mmguero moved this to Todo (design) in Malcolm Mar 19, 2024
@mmguero mmguero modified the milestones: z.staging, v24.04.0 Mar 19, 2024
@mmguero mmguero modified the milestones: z.staging, v24.05.0, v24.04.0 Mar 27, 2024
@mmguero mmguero modified the milestones: v24.04.0, v24.05.0 Apr 4, 2024
@mmguero mmguero self-assigned this Apr 23, 2024
@mmguero mmguero mentioned this issue Apr 29, 2024
Closed
@mmguero mmguero modified the milestones: v24.05.0, z.staging Apr 29, 2024
@mmguero mmguero modified the milestones: z.staging, v24.06.0 May 20, 2024
@mmguero mmguero moved this from Todo (design) to In Progress in Malcolm Jun 11, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 11, 2024
@mmguero
work in progress for idaholab#449, handle multiple netbox sites. uplo…
5117f29 
…ad and logstash parts are mostly working
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 11, 2024
@mmguero
work in progress for idaholab#449, handle multiple netbox sites. uplo…
829d279 
…ad and logstash parts are mostly working
@mmguero
Copy link
Collaborator Author

mmguero commented Jun 11, 2024

Site will be definable in upload window, queried from NetBox's list of extant sites:

Image

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 11, 2024
@mmguero
work in progress for idaholab#449, handle multiple netbox sites
d52683f
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 12, 2024
@mmguero
major work in progress for idaholab#449, handle multiple netbox sites…
3ce029a 
…. reworked netbox lookup to be per-site for everything
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 12, 2024
@mmguero
work in progress for idaholab#449, handle multiple netbox sites
59fe0ce
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 12, 2024
@mmguero
work in progress for idaholab#449, handle multiple netbox sites
6d592e6
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 13, 2024
@mmguero
work in progress for idaholab#449, handle multiple netbox sites
23fb318
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 19, 2024
@mmguero
work in progress for idaholab#449, handle multiple netbox sites
aa56f1c
@mmguero
Copy link
Collaborator Author

mmguero commented Jun 19, 2024

Image

Image

Image

Image

Image

Image

As far as I can tell this is all working correctly now. I'll continue to test and reopen if I find anything. Also there may be improvements we can do in the future for this, but for now I think it seems good.

@mmguero mmguero closed this as completed Jun 19, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in Malcolm Jun 19, 2024
@mmguero mmguero removed the status in Malcolm Jun 19, 2024
@mmguero mmguero moved this to Done in Malcolm Jun 19, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 19, 2024
@mmguero
work in progress for idaholab#449, documentation updates
8d91704
This was referenced Jun 26, 2024
Merged
Merged
@mmguero mmguero moved this from Done to Released in Malcolm Jun 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
capture Relating to pcap-capture container enhancement New feature or request logstash Relating to Malcolm's use of Logstash netbox Related to Malcolm's use of NetBox sensor For issues dealing with the Hedgehog OS capture sensor upload Relating to PCAP and/or Zeek log ingestion
Projects
Malcolm
Status: Released
Milestone
v24.06.0
Development

No branches or pull requests
1 participant
@mmguero