Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow artifact upload to handle windows event logs #465

Closed
mmguero opened this issue Apr 29, 2024 · 2 comments
Closed

allow artifact upload to handle windows event logs #465

mmguero opened this issue Apr 29, 2024 · 2 comments
Assignees
@mmguero
Labels
enhancement New feature or request upload Relating to PCAP and/or Zeek log ingestion
Milestone
v24.06.0

Comments

@mmguero
Copy link
Collaborator

mmguero commented Apr 29, 2024

Currently the upload interface allows for uploading:

  • PCAP files
  • archive files (zip, tar.gz, etc.) containing Zeek logs

Although this departs a bit from Malcolm's bread-and-butter of network traffic, it's been requested by some users to allow the upload of files containing windows event logs, which should be processed similar to if they had been forwarded by fluent-bit.

Things to figure out:

  • what file format are the windows event logs in
  • adding a third path (right now it's just PCAP goes on way, zeek logs go the other)
  • changing the documentation and UI for upload to indicate that these file types are also allowed
  • parsing of these events and hooking into the same code used to parse what's generated by fluent-bit
  • is there any way the source of the event logs? possibly tangentially related to handle multiple NetBox sites #449
@mmguero mmguero added enhancement New feature or request upload Relating to PCAP and/or Zeek log ingestion labels Apr 29, 2024
@mmguero mmguero added this to the z.staging milestone Apr 29, 2024
@mmguero mmguero added this to Malcolm Apr 29, 2024
@mmguero mmguero moved this to Todo (investigate) in Malcolm Apr 29, 2024
@mmguero mmguero moved this from Todo (investigate) to Todo (design) in Malcolm Apr 29, 2024
@mmguero mmguero modified the milestones: z.staging, v24.06.0 May 15, 2024
@mmguero
Copy link
Collaborator Author

mmguero commented Jun 4, 2024

  • we'll support EVTX formatted files
  • this tool will do the conversion

@mmguero mmguero self-assigned this Jun 4, 2024
@mmguero mmguero moved this from Todo (design) to In Progress in Malcolm Jun 4, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 4, 2024
@mmguero
for idaholab#465, added evtx to filebeat dockerfile
31b1b3b
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 4, 2024
@mmguero
for idaholab#465, beginning work on supporting evtx files alongside z…
37859c7 
…eek logs
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 4, 2024
@mmguero
for idaholab#465, beginning work on supporting evtx files alongside z…
7391a2e 
…eek logs
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 5, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
f9e7f46
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 5, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
97f3002
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 5, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
a651a91
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 5, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
6ac92dc
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 5, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
e249f47
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 5, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
6484f6c
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 5, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
9d5a21f
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 6, 2024
@mmguero
for idaholab#465, work in progress for evtx file support
2b02fc0
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 6, 2024
@mmguero
for idaholab#465, work in progress for evtx file support
b4c4fdb
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 6, 2024
@mmguero
for idaholab#465, work in progress for evtx file support
bc127cd
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 6, 2024
@mmguero
for idaholab#465, work in progress for evtx file support
07f9cb2
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 6, 2024
@mmguero
for idaholab#465, work in progress for evtx file support
c0b296f
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 6, 2024
@mmguero
for idaholab#465, work in progress for evtx file support
ecdf3e0
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 6, 2024
@mmguero
for idaholab#465, work in progress for evtx file support
6a26499
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 7, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
c1cc55a
@mmguero mmguero moved this from In Progress to Testing in Malcolm Jun 7, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 7, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
7998b93
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 7, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
0af557b
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 7, 2024
@mmguero
for idaholab#465, work in progress handling uploading evtx files
08ec1e9
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 10, 2024
@mmguero
dashboard updates for for idaholab#465, work in progress for evtx fil…
e08a054 
…e support
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 10, 2024
@mmguero
dashboard updates for for idaholab#465, work in progress for evtx fil…
9e1b049 
…e support
@mmguero mmguero moved this from Testing to Done in Malcolm Jun 10, 2024
@mmguero
Copy link
Collaborator Author

mmguero commented Jun 10, 2024

Marking as "done" for now. There are things for future improvements, which we can talk about and track in other issues. Some of these might include:

@mmguero mmguero closed this as completed Jun 10, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Jun 10, 2024
@mmguero
dashboard updates for for idaholab#465, work in progress for evtx fil…
dfd70b8 
…e support
This was referenced Jun 26, 2024
Merged
Merged
@mmguero mmguero moved this from Done to Released in Malcolm Jun 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
enhancement New feature or request upload Relating to PCAP and/or Zeek log ingestion
Projects
Malcolm
Status: Released
Milestone
v24.06.0
Development

No branches or pull requests
1 participant
@mmguero