Viewing #remcos alerts from FlowCarp in @ish's #EveBox
https://netresec.com/?b=2659fc0
Remcos Alerts from FlowCarp in EveBox

There is a wonderful little web based alert and event front-end called EveBox, which renders Eve JSON formatted data to a graphical user interface. This blog post demonstrates how EveBox can be used to show alert and flow information that FlowCarp has extracted from a Remcos malware infection. Remco[...]

Netresec
Time to plug my Simple-IDS tool again, IMO the easiest way to try Suricata with a web UI (EveBox) - just provide the interface name: https://evebox.org/simple-ids/ -- Docker or Podman required, but they're ubiquitous now right? #suricata #ids #evebox
Simple-IDS - Suricata & EveBox Simply | EveBox

Simple-IDS is a tool to easily run Suricata and EveBox on Linux systems

my bash history on the new ids box has 500+ entries - I did try to remove systemd networking but turned out it wasn't installed - will try to mess with network/inf and see if that is going to work for me - maybe remove network manager - I think using it as main ws and installing most all of the ids apps makes some sense #evebox #arkime #elastic #zeek #netsniff-ng #kibana #suricata #ntop-ng #wazuh #net plan.io

Re-evaluating Angular as the frontend toolkit for #EveBox. With each new release of Angular I understand less and less of the changes. Thinking a lighter library like SolidJS, or React might be more appropriate for a side project where I just want to get shit done.