enrichment for Arkime data #504

Open
mmguero opened this issue Jun 25, 2024 · 0 comments
Labels
  • arkime: Relating to Malcolm's use of Arkime
  • enhancement: New feature or request
  • netbox: Related to Malcolm's use of NetBox

mmguero commented Jun 25, 2024

Enrichment takes place in the logstash pipeline. This, of course, precludes data being processed by Arkime capture from having the same enrichments done on them. Of particular note is the NetBox enrichment.

Arkime does have a plugin architecture. It's possible that we could build an Arkime plugin .so that takes care of this.

Need to:

  • investigate how to create an Arkime plugin .so
  • identify which enrichment(s) would be appropriate to do in the plugin, avoiding too much duplicated code if possible (although I don't know how we'd reuse any of it, tbh, as we're not going to be able to use the logstash filter stuff at all outside of logstash)

mmguero added the enhancement, arkime and netbox labels on Jun 25, 2024
mmguero modified the milestones: z.staging, v24.08.0, v24.09.0 on Jun 25, 2024
Projects
Status: Todo (design)