
Swap Splunk for Invoke-IR ACE and Helk #43

Closed
1332530 opened this issue Jan 17, 2018 · 1 comment


1332530 commented Jan 17, 2018

This is not really an issue, but perhaps a direction that would be interesting for users, but also for the respective devs of the 2 projects.

A lot of props for PowerShell-based DFIR, and the HELK project contains very modular Sysmon configs, a Spark analytics layer, and an integration with Invoke-IR ACE.

I feel kinda cheap raising this without actually offering to help out, but my dev skills aren't tip top =/

clong (Owner) commented Jan 19, 2018

Hi @1332530,

It's an interesting idea! That would require quite an overhaul of DetectionLab, and would probably belong on its own fork as I don't think it makes sense to actually replace Splunk in this project.

@clong clong closed this as completed Jan 23, 2018