handle multiple NetBox sites #449

Open
mmguero opened this issue Mar 19, 2024 · 0 comments
Labels
capture Relating to pcap-capture container enhancement New feature or request logstash Relating to Malcolm's use of Logstash netbox Related to Malcolm's use of NetBox sensor For issues dealing with the Hedgehog OS capture sensor upload Relating to PCAP and/or Zeek log ingestion

Comments

Collaborator

mmguero commented Mar 19, 2024

NetBox has the concept of sites. Malcolm doesn't handle multiple sites very well (at all, really); it just lets the user provide a NETBOX_DEFAULT_SITE value that is checked against tags for upload and used for live capture.

We should allow multiple sites, which means we need to provide a way to associate captured data with a particular site. This includes:

  • uploaded pcap: the upload interface should allow the user to specify a site name to associate with files uploaded in a batch of PCAP files
  • Hedgehog Linux: when setting up capture, Hedgehog should allow the user to specify a site name
  • Malcolm live capture: when capturing from local network interfaces we should allow Malcolm to specify a site (this might be the NETBOX_DEFAULT_SITE variable above)

This needs to come through for all uploaded data and captured with Zeek and Suricata. We could look at Arkime as well, although I'm not sure where it would be specified for Arkime data. The value is stored today in source.device.site and source.segment.site and destination.device.site and destination.segment.site.

@mmguero mmguero added capture Relating to pcap-capture container enhancement New feature or request logstash Relating to Malcolm's use of Logstash upload Relating to PCAP and/or Zeek log ingestion sensor For issues dealing with the Hedgehog OS capture sensor netbox Related to Malcolm's use of NetBox labels Mar 19, 2024
@mmguero mmguero modified the milestones: z.staging, v24.04.0 Mar 19, 2024
@mmguero mmguero modified the milestones: z.staging, v24.05.0, v24.04.0 Mar 27, 2024
@mmguero mmguero modified the milestones: v24.04.0, v24.05.0 Apr 4, 2024
@mmguero mmguero self-assigned this Apr 23, 2024
@mmguero mmguero modified the milestones: v24.05.0, z.staging Apr 29, 2024
@mmguero mmguero modified the milestones: z.staging, v24.06.0 May 20, 2024
Projects
Status: Todo (design)