The simplest way to attach remote storage to the Archiver appliance is to
use NFS, but it could be that iSCSI can provide more performance.
Archiver is based on RHEL 7.5 but does not include software to connect to
remote iSCSI targets. What is the best way ...
Hi! If we look at the winevent_nic parser and take event 4732 as an example
(user was added to a group), then the user who performed the action is placed in
the user.dst meta and the user who was added to the group (the new member) is placed
in user.src. For me it is much clearer the opos...
Hi! Is there any way to deduplicate events? Say we have two firewalls
(internal and external); if some host tries to connect to an internet
site, we will have two log records with the same ip.src, ip.dst, ip.dstport.
So it would be good to have the ability to d...
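One way to implement the deduplication the post asks for, as an added example that is not part of the original post and not a feature of the product being discussed. The event records, the device names and the one-second time window are constructed/assumed; the key tuple (ip.src, ip.dst, ip.dstport) is the one named in the post. Rather than simply discarding the second record, the example keeps the first and merges the list of sensors that saw the flow, so the fact that both firewalls logged it is not lost:

```python
"""Collapse duplicate firewall events seen by two sensors.

Added example, not from the original post or from the vendor's product.
Event records and the 'device' field are constructed sample data; the
dedup key (ip.src, ip.dst, ip.dstport) is the one the post names, and
the one-second time window is an assumed parameter.
"""
from collections import defaultdict

# Constructed sample events: the same connection logged by the internal
# and the external firewall a fraction of a second apart, one unrelated
# flow, and a repeat of the first tuple well outside the window.
SAMPLE_EVENTS = [
    {"time": 1000.0, "device": "fw-internal", "ip.src": "10.0.0.5",
     "ip.dst": "93.184.216.34", "ip.dstport": 443},
    {"time": 1000.4, "device": "fw-external", "ip.src": "10.0.0.5",
     "ip.dst": "93.184.216.34", "ip.dstport": 443},
    {"time": 1001.0, "device": "fw-internal", "ip.src": "10.0.0.7",
     "ip.dst": "93.184.216.34", "ip.dstport": 443},
    {"time": 1005.0, "device": "fw-internal", "ip.src": "10.0.0.5",
     "ip.dst": "93.184.216.34", "ip.dstport": 443},
    {"time": 1005.3, "device": "fw-external", "ip.src": "10.0.0.5",
     "ip.dst": "93.184.216.34", "ip.dstport": 443},
]

KEY_FIELDS = ("ip.src", "ip.dst", "ip.dstport")


def dedup_events(events, window=1.0):
    """Return (kept, dropped).

    Events are processed in time order. An event is dropped when another
    event with the same key tuple was kept no more than `window` seconds
    before it; its 'device' is appended to the kept event's 'devices'
    list so the set of sensors that observed the flow survives.
    """
    last_kept = {}          # key tuple -> the most recently kept event
    kept, dropped = [], []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = tuple(ev[f] for f in KEY_FIELDS)
        prev = last_kept.get(key)
        if prev is not None and ev["time"] - prev["time"] <= window:
            prev["devices"].append(ev["device"])
            dropped.append(ev)
            continue
        merged = dict(ev, devices=[ev["device"]])
        last_kept[key] = merged
        kept.append(merged)
    return kept, dropped


def devices_per_flow(events, window=1.0):
    """Map each kept flow's key tuple to the list of sensors that logged it."""
    kept, _ = dedup_events(events, window)
    return {tuple(ev[f] for f in KEY_FIELDS): ev["devices"] for ev in kept}


if __name__ == "__main__":
    kept, dropped = dedup_events(SAMPLE_EVENTS)
    print(f"kept {len(kept)}, dropped {len(dropped)}")
    for ev in kept:
        print(ev["time"], ev["ip.src"], "->", ev["ip.dst"], ev["ip.dstport"], ev["devices"])
```

The window is measured from the last kept event for that tuple, so a long-lived connection that both firewalls log repeatedly is collapsed once per window rather than once overall. The practical choice of key matters: if the external firewall NATs the source, ip.src differs between the two records and a key built on the pre-NAT address will not match, so the tuple needs to be chosen per environment.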
The Log Collector is able to receive SNMP traps, but I have not found any
documentation about SNMP parser configuration for logs. There is a sample
log from CyberArk (unfortunately CyberArk is able to send such messages via
SNMP only): %TRAP [device_addr=192.168.1...
In our environment we use the log part only, so these new array metas also
broke lots of my rules. Recently we used the cast approach to transform
array values to strings, like: cast(host_alias,string), but in this case
casting adds the '[' and ']' characters. I found...
Hi, Mark! I also have a rule to detect beaconing activity to some web host,
which is similar to the ATD feature but works well with logs (not packets).
But this rule is still in the debugging stage. I need to upgrade to 10.6.0.2
(currently at 10.6.0.1) to support ...
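The kind of log-based beaconing check the reply describes, as an added example that is not the poster's rule and not the product's ATD feature. It scores each (source, host) pair by how regular the gaps between its connections are: a coefficient of variation (standard deviation divided by mean) of the inter-arrival times near zero means a timer is driving the traffic, while human browsing is bursty. The log format, the thresholds (at least 6 connections, coefficient of variation at most 0.2) and the sample lines are all constructed for illustration:

```python
"""Flag beaconing from connection logs by inter-arrival regularity.

Added example, not the poster's rule and not the vendor's ATD feature.
The "epoch src host" log format, the sample lines and the thresholds
(min_hits=6, max_cv=0.2) are constructed/assumed for illustration.
"""
import statistics
from collections import defaultdict

# Constructed sample log, one "epoch_seconds src host" record per line.
# 10.0.0.5 contacts c2.example roughly every 60 s with small jitter;
# 10.0.0.9 visits news.example at irregular, human-looking intervals.
SAMPLE_LOG = """\
1000 10.0.0.5 c2.example
1002 10.0.0.9 news.example
1060 10.0.0.5 c2.example
1075 10.0.0.9 news.example
1119 10.0.0.5 c2.example
1122 10.0.0.9 cdn.example
1181 10.0.0.5 c2.example
1240 10.0.0.5 c2.example
1290 10.0.0.9 news.example
1299 10.0.0.5 c2.example
1361 10.0.0.5 c2.example
1402 10.0.0.9 news.example
1403 10.0.0.9 news.example
1480 10.0.0.9 news.example
"""


def parse_log(text):
    """Yield (timestamp, src, host) tuples from the constructed log format."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, host = line.split()
        yield float(ts), src, host


def beacon_scores(events, min_hits=6):
    """Return {(src, host): (hits, mean_gap, cv)} for pairs with >= min_hits.

    cv is the coefficient of variation of the gaps between successive
    connections; a low cv means evenly spaced, timer-driven traffic.
    """
    times = defaultdict(list)
    for ts, src, host in events:
        times[(src, host)].append(ts)
    scores = {}
    for pair, ts_list in times.items():
        if len(ts_list) < min_hits:
            continue                      # too few points to judge regularity
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        scores[pair] = (len(ts_list), mean, cv)
    return scores


def find_beacons(text, min_hits=6, max_cv=0.2):
    """Return the (src, host) pairs in the log whose timing looks like a beacon."""
    scores = beacon_scores(parse_log(text), min_hits)
    return sorted(pair for pair, (_, _, cv) in scores.items() if cv <= max_cv)


if __name__ == "__main__":
    for pair, (hits, mean, cv) in beacon_scores(parse_log(SAMPLE_LOG)).items():
        print(f"{pair}: hits={hits} mean_gap={mean:.1f}s cv={cv:.2f}")
    print("beacons:", find_beacons(SAMPLE_LOG))
```

Two caveats when tuning this against real proxy or firewall logs: legitimate software (update checkers, NTP, monitoring agents) beacons just as regularly and needs an allowlist, and an implant that randomises its sleep will push the coefficient of variation up, so the threshold is a trade-off between false positives and jittered beacons; a complementary check on the constant size of each request helps with the latter.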