Aaron Meihm
When auditd is already running on the system, calls to AuditSetPID will end up failing, and do not provide any indication of what the issue is aside from an errno...
Right now go test fails unless the test is run as root, and netlink is available --- FAIL: TestNetlinkConnection (0.00s) libaudit_test.go:43: NewNetlinkConnection failed not root user, exiting panic: runtime error:...
Creating as a draft for now. This removes the thread sleep from the `UnboundedSource` `advance` interface. This seems to not be required, however the behavior of the advance method is...
The output path of the pipelines is currently limited to ingestion of `Alert` objects. This makes it difficult to persist other types of data from the pipeline that are not...
A new parser should be created to handle messages from Azure EventHub
The function should read events from EventHub and write them to GCP logging, similar to our other ingestion functions. An example we can start from: https://github.com/hwine/azure-notes/blob/master/log_scripts/log-relay
Provide a link with notification that results in a query to pull up applicable alerts.
Prefer `NEWVERSION` over `FILEUPLOADMNT`, and make use of new fields in alerts if possible
Currently cfgtick contains runtime options and transform documentation; it would be good in some cases to support the addition of arbitrary text blocks (potentially via configuration options) as well
The parser currently only supports processing nginx log data in the form of a Stackdriver jsonPayload entry. This should be expanded to also support raw nginx log lines (either in...