Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why did flag_regex, flag_hash and attack_info end up in the EnoLogMessage? #29

Open
Trolldemorted opened this issue May 26, 2021 · 2 comments
Open

Why did flag_regex, flag_hash and attack_info end up in the EnoLogMessage? #29

Trolldemorted opened this issue May 26, 2021 · 2 comments

Comments

@Trolldemorted
Copy link
Member

enochecker_core/enochecker_core/__init__.py

Lines 67 to 69 in 2f064c8

flag_regex: Optional[str]
flag_hash: Optional[str]
attack_info: Optional[str]

@ldruschk
Copy link
Member

Personally I found this useful for debugging. But it could be argued that in the cases where we are running the exploit method we are not using an ELK. Does this cause any issues in ELK?

@Trolldemorted
Copy link
Member Author

Any field name also shows up in FTS results (because it is present as a substring in the raw message which contains the json string), so you want to keep the fields to a minimum

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Trolldemorted @ldruschk