Mike Cohen
When the config file specifies the Init option, the initialization function will be named that (by default it is init()). Users can specify an exported name which needs to...
Initialization is automatically done in the init() function. This means that even if the binary knows it is not going to use the files (e.g. through command line options) the data...
Currently if the parent process is exited then the entire row is dropped. Same with Windows.System.SVCHost
Depending on the authenticators the user password may be reset. Make it easy to do in the GUI and VQL - Currently only admin can change passwords - we need...
When a query returns a lot of logs the GUI just puts them all at the bottom of the cell but this means that there could be a lot of...
Needs more investigation but sometimes sparse files are not correctly collected. We also need an easy way to rebuild sparse files by padding them out from the offline collector.
Currently we can not really delete event data other than remove the files from the filesystem. We need a better way. This is a bit challenging because we need to...
Elastic 8 breaks support for the _type field. https://www.elastic.co/guide/en/elasticsearch/reference/7.17/removal-of-types.html I think we just need to convert our use of `_type` to just `type` but I need to verify it with...
Currently we only support dd images so we need to use ewffuse or similar to access the ewf data. This is an extra unnecessary step and we should be able...
Currently alerts can be created in VQL using `watch_monitoring()` to watch for events from clients and server. This works but it is very cumbersome and requires a lot of custom...