Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow tagging per capture interface on Hedgehog Linux sensor #570

Closed
mmguero opened this issue Sep 30, 2024 · 1 comment
Closed

allow tagging per capture interface on Hedgehog Linux sensor #570

mmguero opened this issue Sep 30, 2024 · 1 comment
Assignees
@mmguero
Labels
enhancement New feature or request sensor For issues dealing with the Hedgehog OS capture sensor
Milestone
v24.10.1

Comments

@mmguero
Copy link
Collaborator

mmguero commented Sep 30, 2024

this document describes how tags can be configured for a hedgehog sensor.

A request came in from a Malcolm user to allow tags to be specified per-capture interface.
@mmguero mmguero added enhancement New feature or request sensor For issues dealing with the Hedgehog OS capture sensor labels Sep 30, 2024
@mmguero mmguero added this to the z.staging milestone Sep 30, 2024
@mmguero mmguero added this to Malcolm Sep 30, 2024
@mmguero mmguero moved this to Todo in Malcolm Sep 30, 2024
@mmguero mmguero moved this from Todo to Todo (design) in Malcolm Sep 30, 2024
@mmguero mmguero modified the milestones: z.staging, v24.10.0, v24.10.1 Oct 1, 2024
@mmguero mmguero self-assigned this Oct 16, 2024
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Oct 16, 2024
@mmguero
Work in progress for idaholab#570, allow tagging per capture interfac…
9779364 
…e on Hedgehog Linux sensor
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Oct 16, 2024
@mmguero
work in progress on idaholab#570
dc28103
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Oct 17, 2024
@mmguero
Revert "work in progress on idaholab#570"
0f669e5 
This reverts commit dc28103.
@mmguero mmguero moved this from Todo (design) to Invalid in Malcolm Oct 17, 2024
@mmguero
Copy link
Collaborator Author

mmguero commented Oct 17, 2024

Closing as "unplanned." The only way to do this with zeek will be to run multiple separate zeek clusters on each node, one for each capture interface, which is going to introduce a complexity to the sensors I don't think would be worth the issues that might arise from it. Not to mention the arkime and suricata sides. I understand the reasoning for the feature, it's just not feasible with the tools we're using.

@mmguero mmguero closed this as not planned Won't fix, can't repro, duplicate, stale Oct 17, 2024
@github-project-automation github-project-automation bot moved this from Invalid to Done in Malcolm Oct 17, 2024
@mmguero mmguero moved this from Done to Someday in Malcolm Oct 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
enhancement New feature or request sensor For issues dealing with the Hedgehog OS capture sensor
Projects
Malcolm
Status: Someday
Milestone
v24.10.1
Development

No branches or pull requests
1 participant
@mmguero