
Distributed Kansa at Enterprise scale #189

Open
EagleOneJK opened this issue Jun 26, 2019 · 6 comments

Comments

@EagleOneJK
Contributor

@davehull Please DM me at your earliest convenience. I am an employee at a large financial institution and we have been continuing development of the Kansa project internally for the last 3 years. We've made a lot of really cool enhancements and we're interested in contributing them back to the community. Our IP/legal/open-source teams have asked me to reach out to you to start a dialog about the best way for us to contribute (pull/merge vs. fork vs. other). I'd love to talk with you about it.

We have successfully achieved running Kansa in real time against up to 150K endpoints, with integration in our ELK stack and live metrics/dashboards, new IR modules, etc. We think the InfoSec community could really benefit from this work, and we could benefit from other contributors adding modules that fit in our enhanced framework. You can reach me on Twitter @Jon14119114

@PolarBearGod

For anyone following this, there is going to be a talk at the SANS DFIR Summit presenting this.
https://www.sans.org/event/digital-forensics-summit-2020/summit-agenda

@PowerPress

@EagleOneJK whatever happened with this? Did you end up posting the additions and upgrades you made anywhere?

@PolarBearGod just checked the link, which I admit is very late, but it is no longer available. Anywhere I can find the upgrades?

@PolarBearGod

SANS has changed their video and presentation delivery method, so you will need to log in with your account and then look through the white papers.

This is the link that I get just by googling it but I don't know if that'll work for you.

https://www.sans.org/presentations/kansa-for-enterprise-scale-threat-hunting/

@EagleOneJK
Contributor Author

@PowerPress The additions were integrated into the project via a pull request.

@EagleOneJK
Contributor Author

You can also view the YouTube video of the presentation here: https://www.youtube.com/watch?v=ZyTbqpc7H-M

@PowerPress

> You can also view the YouTube video of the presentation here: https://www.youtube.com/watch?v=ZyTbqpc7H-M

Excellent video. Is the Kansa launcher available anywhere? Any suggestions on how best to build ELK for Kansa?

The enhancements made look incredible. Any chance you could add more documentation on how to use it and generate the command lines?
