It appears that for (at least some) files.log entries, the FUID is getting set for both zeek.uid and zeek.fuid. It would be more useful to put the connection ID(s) in zeek.uid.
Malcolm v2.6.1 contains the following changes:
v2.6.0...v2.6.1
* Added [TFTP](https://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol) [Zeek parser](https://github.com/zeek/spicy-tftp) and corresponding Logstash parsing, Arkime WISE support and Kibana dashboards
* Provide browser-based access to zeek/extracted-files directory (idaholab#34)
* Fix LDAP analyzer not parsing all events (idaholab#35)
* Provide more fine-tuned controls for Zeek's node.cfg in Hedgehog sensor (idaholab#36, /pull/158)
* Set zeek.uid to conn_uids for files.log entries (idaholab#33)
* Modify Zeek build chain to use default GCC compilers instead of LLVM/clang, which reduces build dependencies
* Use Firefox instead of Chromium for browser in ISO-installed versions of Malcolm and in Hedgehog Linux
* Updated copyright notices in text from "2020" to "2021" (which is the bulk of the changed files in this commit)
* Version bumps
    * Yara to 4.0.4