incident-response
Here are 202 public repositories matching this topic...
Bug / Feature Request
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Debian |
| OS version (client) | 10 |
| TheHive version / git hash | 4 RC1 |
| Package Type | DEB |
Problem Description
There are no longer any default dashboards
Possible Solutions
Add the default da
Description
When we have an automatic email reports configuration and there are no alerts to be reported that day (e.g., the rule or group of rules that we have configured in reports have not triggered during the day), the report will not be sent.
This is not good behavior, because it can lead the user to think that the automatic reports are not working.
Let's also say that I have to sen
You can't add the event handler until the response app is up. But every time the container starts, ngrok creates a new random inbound port.
I couldn't figure out what order to do these things in, so I gave up.
There is a broken link in the README.md file, in the sentence that reads:
Right clicking on a node exposes a context menu that allows you to run graph mutators.
It appears that the words "graph mutators" in the above sentence are intended to link to a mutators.md file under docs. But it seems that no such file exists. Is there another document it should be pointing to? Let me know if I ca
One change we are seeing in our industry is the wider adoption of the belief that being able to distill an incident down to a single root cause is a myth[1][2]. As the complexities of our systems grow the complexities of our incidents grow, and trying to isolate an incident to one item doesn't result in the types of learnings we need to come out of those incidents.
The truth is that each incide
Split in modify
Hi,
I have a problem with a modify.
I wish to split one entry into two different fields. For example, I have this IP with port: [2a01:c206:3003:3104::1]:9001.
I wish to split the IP and the port.
I try to do this:
```json
[
{
"rulename": "IPv6port",
"if": {
"source.account":"]:(([0-9]+))"
},
"then": {
"source.port":"{matches[source.account][0]}"
}
}
]
```
Unit tests need to be created that test obfuscating with all possible Mutator permutations that are 2 Mutators long. So basically, given the dozen or so current Mutators, make sure Mutators don't just work separately, but together as well. I've run into a few random cases where using Mutators in specific combinations produces faulty payloads, and want a test that can do this for me.
Us
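The `[ipv6]:port` split asked about in the "Split in modify" issue above, as an added Python example that is not part of the original issue or of any project's modify configuration. It captures the address and the port with a single regex (bracketed IPv6 literal or plain IPv4, both my assumptions about the input shape) and validates the address with the standard library instead of trusting the match; the function name is my choice.

```python
import ipaddress
import re

# Matches either "[ipv6]:port" (how an IPv6 literal carries a port, as in
# [2a01:c206:3003:3104::1]:9001) or "ipv4:port". Unbracketed IPv6 with a
# port is ambiguous and is deliberately not matched.
_HOST_PORT = re.compile(
    r"^(?:\[(?P<ip6>[0-9A-Fa-f:.]+)\]|(?P<ip4>[0-9.]+)):(?P<port>\d{1,5})$"
)


def split_ip_port(value):
    """Return (ip, port) from "[ipv6]:port" or "ipv4:port".

    Returns None when the string does not have that shape, when the address
    is not a valid IP, or when the port is out of range, so a caller can
    drop or flag the event instead of writing garbage into source.port.
    """
    m = _HOST_PORT.match(value.strip())
    if not m:
        return None
    raw_ip = m.group("ip6") or m.group("ip4")
    try:
        # ipaddress both validates and canonicalises (compresses IPv6).
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return None
    port = int(m.group("port"))
    if not 0 < port <= 65535:
        return None
    return str(ip), port


if __name__ == "__main__":
    # Constructed sample input, including the value from the issue.
    for sample in ("[2a01:c206:3003:3104::1]:9001", "203.0.113.7:443",
                   "[2a01::1]:70000", "2a01::1:9001"):
        print(sample, "->", split_ip_port(sample))
```

The regex in the issue only captures the digits after `]:`, so the address itself never gets validated; matching both halves at once and running the address through `ipaddress` is what keeps a malformed event from producing a field that looks like a port but belongs to no valid host.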
Include Dockerfile in root of project
Request Type
Feature Request
Description
As part of the development and release cycle, please include the Dockerfile generated by docker.sbt in the root of the project so that the container can be built directly from the repo itself.
This blog post (https://www.velocidex.com/blog/medium/2020-03-06-velociraptor-post-processing-with-jupyter-notebook-and-pandas-8a344d05ee8c/) shows a screenshot of someone granting the API user the "ALL_QUERY" permission, which from the error I get in jupyter should be "ANY_QUERY".
Hi,
I am using docker-compose on Windows 7.
The postgres, rabbitmq and django application services build, but the nginx service has an error!
```yaml
nginx:
  volumes:
    - ./nginx_docker.conf:/etc/nginx/conf.d/default.conf
```
In this part, "nginx_docker.conf" is not a directory, and I get the error "not a directory" when running the "docker-compose up" command.
What is your solution for my problem?
Feedback
The Table of Contents does not show all the sections in the Install Guide, and the First Start section needs to be updated starting with the title and correcting other verbiage issues within the section text.
Hi team,
I have noticed that the log examples found in 0610-win-ms_logs_rules.xml don't match their rules.
This is because the fields providerName and channel aren't correct.
To match rules 63103, 63104 and 63105, the logs must have matched before rules `60
Create Notes Page
Create an interface within the plugin to add notes, tags and other manually captured items analysts might want to keep track of, and have the notes displayed in the popups as well.
Any feedback or ideas for this are welcome.
Looking to validate IOCs prior to submitting them to Cortex in an app I'm developing.
This needs to consist of validating them (is 192.168.001.001 an IP? Or can it be converted to be valid), and also normalising them to be consistent (http://www.google.com/home.html?test=hello%2bworld is normalised to http://www.google.com/home.html?test=hello+world) so future submissions can be joined on the s
Hi,
It would be nice to see the referenced cases in the system overview table as well as in the export formats.
Filtering on that kind of data would be nice too.
Regards,
Hendrik
fls -m "" defaults to / without warning or mention in documentation [-m dir/]