Invalid: -x option in logon-summary and eid-metrics will result in duplicate results #1478

Open
YamatoSecurity opened this issue Nov 7, 2024 · 1 comment
Labels
invalid This doesn't seem right

@YamatoSecurity
Collaborator

Turning on -x to carve records from slack will often result in duplicate events being read; however, logon-summary and eid-metrics do not do any filtering for duplicate events. I think we need to keep track of timestamp, etc. information for events only when -x is being used and filter on duplicate events before giving results in order to give more accurate results.
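
One way the filtering described in this issue could work, as an added example that is not part of the original issue and not Hayabusa's own code. The `Record` struct, the choice of identity key fields and the sample records are assumptions made for illustration.

```rust
use std::collections::{BTreeMap, HashSet};

/// Hypothetical minimal view of a parsed EVTX record (not Hayabusa's own type).
pub struct Record<'a> {
    pub timestamp: &'a str, // System/TimeCreated SystemTime
    pub computer: &'a str,
    pub channel: &'a str,
    pub event_id: u32,
    pub record_id: u64, // System/EventRecordID
}

/// Count events per (channel, event ID). Duplicates are only filtered when
/// `carving` is true, mirroring "only when -x is being used".
pub fn eid_metrics<'a>(records: &[Record<'a>], carving: bool) -> BTreeMap<(&'a str, u32), usize> {
    let mut seen = HashSet::new();
    let mut counts = BTreeMap::new();
    for r in records {
        // Assumed identity key: timestamp alone is not enough, because distinct
        // events can share a timestamp, so the record ID and origin are included.
        let key = (r.timestamp, r.computer, r.channel, r.event_id, r.record_id);
        if carving && !seen.insert(key) {
            continue; // same record already read from a live chunk or another slack copy
        }
        *counts.entry((r.channel, r.event_id)).or_insert(0) += 1;
    }
    counts
}

/// Constructed sample: entries 1 and 3 are the same record (live copy + carved copy).
pub fn sample() -> Vec<Record<'static>> {
    let rec = |timestamp: &'static str, event_id: u32, record_id: u64| Record {
        timestamp, computer: "HOST-A", channel: "Security", event_id, record_id,
    };
    vec![
        rec("2024-11-07T01:02:03.100Z", 4624, 1001),
        rec("2024-11-07T01:02:03.100Z", 4624, 1002), // same time, different record
        rec("2024-11-07T01:02:03.100Z", 4624, 1001), // carved duplicate of 1001
        rec("2024-11-07T01:05:00.000Z", 4625, 1003),
    ]
}

fn main() {
    let recs = sample();
    println!("without filtering: {:?}", eid_metrics(&recs, false));
    println!("with filtering:    {:?}", eid_metrics(&recs, true));
}
```
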

YamatoSecurity added the invalid label Nov 7, 2024
@YamatoSecurity
Collaborator Author

@hitenkoku If you have time, could I ask you to do this one?
