activecm/espy issues and pull requests

#76 - Update shell-lib (os-release, RHES 9)

Pull Request - State: closed - Opened by J0RDANI over 1 year ago

#75 - Add add_host_metadata processor to fresh winlogbeat v8 configs

Pull Request - State: closed - Opened by Zalgo2462 over 1 year ago

#74 - Winlogbeat v8 config is missing host metadata processor

Issue - State: closed - Opened by Zalgo2462 over 1 year ago
Labels: bug

#73 - Don't use sudo when calling install_docker.sh

Pull Request - State: closed - Opened by Zalgo2462 over 1 year ago

#72 - Switch from Debian Stretch to Buster

Pull Request - State: closed - Opened by Zalgo2462 over 1 year ago

#71 - Debian Stretch is EOL and apt is broken inside the Espy container

Issue - State: closed - Opened by Zalgo2462 over 1 year ago

#70 - Update shell-lib (docker compose @v2)

Pull Request - State: closed - Opened by caffeinatedpixel over 1 year ago

#69 - Upgrade Winlogbeat to v8.x

Pull Request - State: closed - Opened by caffeinatedpixel over 1 year ago - 1 comment

#68 - Update shell-lib

Pull Request - State: closed - Opened by caffeinatedpixel almost 2 years ago

#67 - Upgrade Winlogbeat Shipped with Espy

Issue - State: closed - Opened by Zalgo2462 about 2 years ago

#66 - Ensure tzdata, iproute, and openssh-client are installed

Pull Request - State: closed - Opened by caffeinatedpixel about 2 years ago

#65 - Add documentation for forwarding logs to BeaKer's Elastic instance

Pull Request - State: closed - Opened by caffeinatedpixel about 2 years ago
Labels: documentation

#64 - Update shell-lib to add tzdata to required utils

Pull Request - State: closed - Opened by caffeinatedpixel about 2 years ago - 1 comment

#63 - Set minimum TLS version to 1.2 in winlogbeat config

Pull Request - State: closed - Opened by Zalgo2462 about 2 years ago

#62 - Match Winlogbeat TLS Version to Redis TLS Version

Issue - State: closed - Opened by Zalgo2462 about 2 years ago
Labels: bug

#61 - Espy error="strconv.ParseUint

Issue - State: open - Opened by OsMaster over 2 years ago - 1 comment

#60 - Update shell-lib to remove docker snap installations; fix `sestatus` bug

Pull Request - State: closed - Opened by Zalgo2462 over 2 years ago

#59 - Implement .msi installation package for the agent instead of powershell-based installation script

Issue - State: open - Opened by cr-secion over 2 years ago - 1 comment

#58 - Winlogbeat configuration prone to Man-in-the-Middle attacks

Issue - State: open - Opened by cr-secion over 2 years ago

#57 - Update shell lib

Pull Request - State: closed - Opened by fullmetalcache over 2 years ago

#56 - Update README with agent installer and DNS updates

Pull Request - State: closed - Opened by Zalgo2462 over 2 years ago

#55 - Update readme to suggest Ubuntu 20 over Ubuntu 16

Pull Request - State: closed - Opened by Zalgo2462 over 2 years ago

#54 - Forces the TLS Version for Invoke-WebRequest to 1.2

Pull Request - State: closed - Opened by fullmetalcache over 2 years ago

#53 - Installation Fails on Windows 2016

Issue - State: closed - Opened by fullmetalcache over 2 years ago
Labels: bug

#52 - Fix Missing Directory Issue for Installation

Pull Request - State: closed - Opened by fullmetalcache over 2 years ago - 3 comments

#51 - Installer Attempts to Write to $Env:programfiles\Sysmon\ Directory without Checking it Exists

Issue - State: closed - Opened by fullmetalcache over 2 years ago
Labels: bug

#50 - Update shell-lib to support docker-compose on ubuntu 16.04 and centos7

Pull Request - State: closed - Opened by caffeinatedpixel over 2 years ago

#49 - Update bundled version of shell-lib

Pull Request - State: closed - Opened by Zalgo2462 over 2 years ago

#48 - Merge Sysmon configs; Don't overwrite Winlogbeat configs

Pull Request - State: closed - Opened by Zalgo2462 over 2 years ago

#47 - Add Sysmon DNS Support

Pull Request - State: closed - Opened by Zalgo2462 over 2 years ago

#46 - Merge sysmon config with existing config

Issue - State: closed - Opened by Zalgo2462 almost 3 years ago

#45 - Update Readme to Include Data Forwarding Instructions

Issue - State: closed - Opened by mrkeithchew over 3 years ago
Labels: documentation

#44 - Minor Typo Line 28 of espy.yaml

Issue - State: open - Opened by mrkeithchew over 3 years ago

#43 - Set TMPDIR in espy script if TMPDIR is mounted as noexec

Pull Request - State: closed - Opened by Zalgo2462 over 3 years ago - 3 comments

#42 - Installation/ Espy script fails on systems with /tmp mounted as noexec

Issue - State: closed - Opened by Zalgo2462 over 3 years ago

#41 - Update shell-lib

Pull Request - State: closed - Opened by Zalgo2462 over 3 years ago

#40 - Updating shell lib

Pull Request - State: closed - Opened by fullmetalcache over 3 years ago

#39 - 38 branch updates

Pull Request - State: closed - Opened by fullmetalcache over 3 years ago

#38 - Apply BeaKer Updates to Agent Installer

Issue - State: closed - Opened by caffeinatedpixel over 3 years ago

#37 - Espy supporting DNS Logs

Issue - State: closed - Opened by william-stearns almost 4 years ago - 1 comment

#36 - Bump winlogbeat to v7.10.2 to make implementing secure TLS encryption efficient

Issue - State: closed - Opened by william-stearns almost 4 years ago - 1 comment

#35 - Espy agent may conflict with existing winlogbeat installations

Issue - State: closed - Opened by william-stearns almost 4 years ago - 1 comment

#34 - Absence of acmlib.sh identified during install

Issue - State: closed - Opened by N3anderthal almost 4 years ago - 1 comment

#33 - Update submodule

Pull Request - State: closed - Opened by 0x6d6f7468 almost 4 years ago

#32 - Submodule Reference Update

Pull Request - State: closed - Opened by Zalgo2462 almost 4 years ago

#31 - Submodule Reference Update

Pull Request - State: closed - Opened by 0x6d6f7468 almost 4 years ago

#30 - Update Submodule Reference

Issue - State: closed - Opened by 0x6d6f7468 almost 4 years ago

#29 - Disable custom Elasticsearch prompt

Pull Request - State: closed - Opened by ethack almost 4 years ago

#28 - Consider putting ES config behind flag in installer

Issue - State: open - Opened by Zalgo2462 almost 4 years ago

#27 - Add Elasticsearch Index to Config File

Issue - State: open - Opened by Zalgo2462 about 4 years ago

#26 - Update Github Workflows

Issue - State: closed - Opened by Zalgo2462 about 4 years ago

#25 - Add install_acm.sh integrations with AI-Hunter and BeaKer

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#24 - Add Elasticsearch configuration prompts to installer

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#23 - Have Espy Try to Reconnect to Redis

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#22 - Transfer ECS data from Redis to Elasticsearch

Pull Request - State: closed - Opened by caffeinatedpixel about 4 years ago

#21 - Merge BeaKer

Pull Request - State: closed - Opened by Zalgo2462 about 4 years ago

#20 - Add Aggregation Group Fields to Zeek Files

Pull Request - State: closed - Opened by caffeinatedpixel about 4 years ago

#19 - Add support to AI-Hunter middleware for tagged IP addresses

Issue - State: closed - Opened by Zalgo2462 about 4 years ago

#18 - Handle endpoint reconnection to Redis

Issue - State: closed - Opened by caffeinatedpixel about 4 years ago - 1 comment

#17 - Check for CTRL C every second if there is no data in Redis

Pull Request - State: closed - Opened by Zalgo2462 about 4 years ago

#16 - Generate new user secrets for each install

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#15 - Add script to generate certificates and enable Redis TLS

Issue - State: closed - Opened by Zalgo2462 about 4 years ago

#14 - Decide on Redis Persistance

Issue - State: open - Opened by Zalgo2462 about 4 years ago

#13 - Create installation and runner scripts

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 2 comments

#12 - Make a concrete plan for BeaKer integration

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#11 - Dockerize go code to run as a service

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#10 - Add support to RITA for log entries tagged with aggregation groups

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 6 comments

#9 - Add aggregation group id to Zeek file writer

Issue - State: closed - Opened by Zalgo2462 about 4 years ago

#8 - Tag ECS data with aggregation group id

Issue - State: closed - Opened by Zalgo2462 about 4 years ago

#7 - Create (agent, network) -> aggregation group config file

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#6 - Solve the ambiguous private IP issue

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 5 comments

#5 - Write Go code to write ECS data out to Zeek style connection files

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#4 - Write Go code to push ECS data into Elasticsearch

Issue - State: closed - Opened by Zalgo2462 about 4 years ago

#3 - Write Go code to pull in ECS data from Redis into RAM

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#2 - Add a docker compose file to stand up Redis on on the host

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

#1 - Add winlogbeat config file for sysmon id 3 and redis

Issue - State: closed - Opened by Zalgo2462 about 4 years ago - 1 comment

GitHub / activecm/espy issues and pull requests