sagan
** README ** This repo has MOVED to https://github.com/quadrantsec/sagan
Summary: When implementing a rule set for a customer utilizing the alert_time keyword coupled with custom Day and Hours variables, an error is given stating: "[E] [04/19/2022 17:27:03] - [rules.c,...
** Please note ** This repo has moved! Please use https://github.com/quadrantsec/sagan . Please post feature requests and bug reports there. Thank you!
I have an idea for a useful feature. I think being able to match content, pcre, etc. on specific fields that are normalized would be really useful. In variable length...
From Steve: "Create flowbits based on anything found in a log. For instance, pull a username from a log and create a flowbit named the same as the username (user...
**Is your feature request related to a problem? Please describe.** Sagan can currently only output eve logs to regular file, and only one at a time. **Describe the solution you'd...
**Is your feature request related to a problem? Please describe.** JSON mapping includes a "hostname" field, but I am unclear as to what this is used for. I *could* map...
**Is your feature request related to a problem? Please describe.** I have some issues around the "date" and "time" fields which come from syslog, either as pipe-delimited fields or as...
**Is your feature request related to a problem? Please describe.** No **Describe the solution you'd like** Use Apache Kafka Queue(s) as a source of logs. Kafka can also be used for...
Sagan doesn't dump stats on -USR1 or shutdown (when in inittab)
Write "stat" data out to json, similar to how Suricata does it.