Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HedgeHog Kiosk event.dataset viewer #566

Closed
ee-hex-ee opened this issue Jan 27, 2025 · 5 comments
Closed

HedgeHog Kiosk event.dataset viewer #566

ee-hex-ee opened this issue Jan 27, 2025 · 5 comments
Assignees
@mmguero
Labels
enhancement New feature or request sensor For issues dealing with the Hedgehog OS capture sensor
Milestone
v25.03.1

Comments

@ee-hex-ee
Copy link

Is your feature request related to a problem? Please describe.
The kiosk mode of Hedgehog OS shows stats for disk and network usage among other items. It would be wonderful to know WHAT types of logs were being generated instead of just the size on disk.

Describe the solution you'd like
A panel or rotating datapoint that shows the top 3 event.dataset types to ensure that what is being written to conn is more than router solicitations or noise from potentially misconfigured port mirrors.

Describe alternatives you've considered
I cannot think of alternatives other than going to terminal and looking at what logs are written in the zeek directory anyway. The idea is to have a quick and reliable method to see what quality of PCAP/logs are being collected.

Additional context
Find me at my desk for any questions.
@ee-hex-ee ee-hex-ee added the enhancement New feature or request label Jan 27, 2025
@mmguero mmguero added this to Malcolm Jan 27, 2025
@mmguero mmguero marked this as a duplicate of #567 Jan 28, 2025
@mmguero mmguero added the sensor For issues dealing with the Hedgehog OS capture sensor label Jan 28, 2025
@mmguero mmguero moved this to Todo (develop) in Malcolm Jan 28, 2025
@mmguero mmguero modified the milestones: z.staging, v25.03.0 Jan 28, 2025
@mmguero mmguero modified the milestones: v25.03.0, v25.03.1 Feb 25, 2025
@mmguero mmguero modified the milestones: v25.04.0, v25.03.1 Mar 19, 2025
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 24, 2025
@mmguero
checkpoint commit for cisagov#566, hedgehog kiosk event.dataset viewer
52f87c5
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 24, 2025
@mmguero
checkpoint commit for cisagov#566, hedgehog kiosk event.dataset viewer
d739fe0
@mmguero
Copy link
Collaborator

mmguero commented Mar 24, 2025
edited
Loading

So @ee-hex-ee do we want to show the top n most recently written Zeek log types? Or the top n Zeek log counts with the highest total counts?

@mmguero mmguero self-assigned this Mar 24, 2025
@mmguero mmguero moved this from Todo (develop) to In Progress in Malcolm Mar 24, 2025
@ee-hex-ee
Copy link
Author

ee-hex-ee commented Mar 24, 2025
edited
Loading

Great question. If I had to throw a concept I'd say top 5 logs overall and the count of logs for those. Just rotating to make sure capture isn't seeing just rstp or broadcast dhcp for misconfigured span ports.

Ie
Enip.log - 999,999
Cip.log - 999,998
Conn.log - 123,456
Dns.log - 7,890
Modbus.log - 5,432

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 25, 2025
@mmguero
checkpoint commit for cisagov#566, do top zeek log types by count, no…
3baf6b4 
…t by recency
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 25, 2025
@mmguero
checkpoint commit for cisagov#566, faster way of getting line count f…
5e61f2d 
…or zeek logs
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 25, 2025
@mmguero
checkpoint commit for cisagov#566, added to dashboard
5cdde71
@mmguero
Copy link
Collaborator

mmguero commented Mar 26, 2025

@ee-hex-ee thoughts on this?

Image

@ee-hex-ee
Copy link
Author

glorious

@mmguero
Copy link
Collaborator

mmguero commented Mar 26, 2025

Slightly better formatting, then calling this "good":

Image

mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 26, 2025
@mmguero
checkpoint commit for cisagov#566, hedgehog kiosk event.dataset viewer
6e8e91d
@mmguero mmguero closed this as completed Mar 26, 2025
@github-project-automation github-project-automation bot moved this from In Progress to Done in Malcolm Mar 26, 2025
mmguero added a commit to mmguero-dev/Malcolm that referenced this issue Mar 26, 2025
@mmguero
checkpoint commit for cisagov#566, documentation/screenshot
8b801de
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mmguero mmguero

Labels
enhancement New feature or request sensor For issues dealing with the Hedgehog OS capture sensor
Projects
Malcolm
Status: Done
Milestone
v25.03.1
Development

No branches or pull requests
2 participants
@mmguero @ee-hex-ee