
Swap Splunk for Invoke-IR ACE and Helk #43

Closed

1332530 opened this issue Jan 17, 2018 · 1 comment

Comments

1332530 commented Jan 17, 2018

This is not really an issue, but perhaps a direction that would be interesting, for users, but also for the respective devs of the 2 projects.

A lot of props for PowerShell based DFIR, and the HELK project contains very modular Sysmon configs, a Spark analytics layer, and an integration with Invoke-IR ACE.

I feel kinda cheap raising this without actually offering to help out, but my dev skills aren't tip top =/

clong (Owner) commented Jan 19, 2018

Hi @1332530,

It's an interesting idea! That would require quite an overhaul of DetectionLab, and would probably belong on its own fork as I don't think it makes sense to actually replace Splunk in this project.

clong closed this as completed Jan 23, 2018