
Add Capture True filter to FileRecon DB / Add Captured column to SMTP Table #42

Merged
4 commits merged into from
May 4, 2016

Conversation

craig-cogdill

Update to Amanda's PR after talking with Rob

The mismatched formatting and order of keys is because I used the new export script to generate the files. The Python dictionary that they are printed from has no ordering of keys, so the key/value pairs are in a different order. This makes no difference for ES insertion.

I will look into how the script could sort the keys in the future.

Craig Cogdill added 2 commits May 3, 2016 15:07
File Recon is now filtered on Captured True and Attach True
Conflicts:
	resources/dashboards/File-Reconstruction-Dashboard.json
	resources/dashboards/SMTP-Trends-Dashboard.json
	resources/searches/SMTP-Table.json
"hits": 0,


I don't see any substantive changes in this file.

Author


Nice word choice

@john-gress

👍

"description": "",
"title": "SMTP Trends Dashboard",
"panelsJSON": "[{\"id\":\"Top-10-Email-Senders\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":1},{\"id\":\"Top-10-Email-Subjects\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":4},{\"id\":\"Top-10-Email-Sender-Domains\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":4},{\"id\":\"Top-10-Attachment-Types-By-Count\",\"type\":\"visualization\",\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":1},{\"id\":\"Sessions-Over-Time\",\"type\":\"visualization\",\"size_x\":6,\"size_y\":6,\"col\":1,\"row\":1},{\"id\":\"SMTP-Table\",\"type\":\"search\",\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":7,\"columns\":[\"Attach\",\"Captured\",\"SenderEmail\",\"ReceiverEmail\",\"Subject\",\"TotalBytes\"],\"sort\":[\"TimeUpdated\",\"desc\"]}]",
Author


@john-gress and other reviewers, this DB is needed. If you look towards the bottom of this line, the SMTP-Table's columns have been updated to include Captured, whereas the old DB doesn't.
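The key-ordering problem from the PR description and the check the author asks reviewers to make by eye (that the SMTP-Table search embedded in panelsJSON now carries the Captured column) can both be automated. This is an added Python example, not code from the project; the sample export is constructed to mirror the dashboard shown above, and the function names are assumptions.

```python
import json

# Constructed sample modelled on the SMTP Trends Dashboard export discussed
# in this PR (not the project's own file). Note that panelsJSON is itself a
# JSON string nested inside the dashboard document.
DASHBOARD_EXPORT = {
    "title": "SMTP Trends Dashboard",
    "description": "",
    "panelsJSON": json.dumps([
        {"id": "Sessions-Over-Time", "type": "visualization",
         "size_x": 6, "size_y": 6, "col": 1, "row": 1},
        {"id": "SMTP-Table", "type": "search",
         "size_x": 12, "size_y": 5, "col": 1, "row": 7,
         "columns": ["Attach", "Captured", "SenderEmail",
                     "ReceiverEmail", "Subject", "TotalBytes"],
         "sort": ["TimeUpdated", "desc"]},
    ]),
}


def normalize_export(doc):
    """Serialize a saved object with sorted keys at the top level and
    inside the nested panelsJSON string, so two exports of the same
    object produce an identical, reviewable diff regardless of the
    order the exporting dict happened to iterate in."""
    doc = dict(doc)
    if "panelsJSON" in doc:
        panels = json.loads(doc["panelsJSON"])
        doc["panelsJSON"] = json.dumps(panels, sort_keys=True,
                                       separators=(",", ":"))
    return json.dumps(doc, sort_keys=True, indent=2,
                      separators=(",", ": "))


def panel_columns(doc, panel_id):
    """Return the column list of the panel with the given id from the
    embedded panelsJSON, or None if it is absent or has no columns."""
    for panel in json.loads(doc["panelsJSON"]):
        if panel.get("id") == panel_id:
            return panel.get("columns")
    return None


def missing_columns(doc, panel_id, required):
    """Review check: list the required columns the panel does not have."""
    present = panel_columns(doc, panel_id) or []
    return [c for c in required if c not in present]
```

Running `missing_columns(DASHBOARD_EXPORT, "SMTP-Table", ["Attach", "Captured"])` on the new DB returns an empty list, while the old DB described in the comment would report `["Captured"]`.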

@ghost

ghost commented May 4, 2016

👍

@ghost ghost merged commit 4a517c5 into logrhythm:4.1.4_NM May 4, 2016
This pull request was closed.