to security-onion
So we had Elastic services go down after updating, and they were down for approximately 19 hours. Of course, we had an incident in that time period for which we need to search logs in Kibana. We need to view the user's POST and GET requests for a few IPs, as well as pcap data if possible. I know the logs are on the servers; I'm just not sure of the most efficient way of obtaining this information and putting it together. I am currently viewing Bro logs and parsing out data, but it's obviously taking forever and I'm still not sure of the best route to take here. Any help is greatly appreciated!
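An added example, not from the original post or from Security Onion's own tooling: a small Python parser for the Bro/Zeek TSV http.log that keeps only GET/POST rows involving a given set of IPs and collects the connection uids, which can then be used to pull the matching pcap. The log excerpt below is constructed; the field names follow the standard http.log `#fields` header, and the IPs are documentation addresses.

```python
"""Filter a Bro/Zeek http.log (TSV) for GET/POST requests involving specific IPs.

Added example for the incident-search question above; not Security Onion's
own tooling. Assumes the standard Bro/Zeek TSV layout with a '#fields' header.
"""
import io

# Constructed sample in Bro/Zeek http.log layout (columns trimmed to those used here).
SAMPLE_HTTP_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\thttp
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\ttrans_depth\tmethod\thost\turi\tuser_agent
#types\ttime\tstring\taddr\tport\taddr\tport\tcount\tstring\tstring\tstring\tstring
1700000000.123\tCabc1\t10.0.0.5\t51234\t203.0.113.7\t80\t1\tGET\texample.test\t/index.html\tcurl/8.0
1700000001.456\tCabc2\t10.0.0.5\t51235\t203.0.113.7\t80\t1\tPOST\texample.test\t/upload\tcurl/8.0
1700000002.789\tCabc3\t10.0.0.9\t51236\t198.51.100.2\t80\t1\tGET\tother.test\t/\tMozilla/5.0
1700000003.000\tCabc4\t10.0.0.5\t51237\t203.0.113.7\t80\t1\tHEAD\texample.test\t/\tcurl/8.0
#close\t2023-11-14-22-13-23
"""


def parse_zeek_tsv(text):
    """Yield one dict per data row, keyed by the column names from the '#fields' line."""
    fields = None
    for line in io.StringIO(text):
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # drop the '#fields' token itself
            continue
        if not line or line.startswith("#"):  # other header lines and '#close'
            continue
        if fields is None:
            raise ValueError("data row appeared before the #fields header")
        yield dict(zip(fields, line.split("\t")))


def http_requests_for_ips(text, ips, methods=("GET", "POST")):
    """Return rows where the client or server address is in `ips` and the method is wanted."""
    ips = set(ips)
    return [row for row in parse_zeek_tsv(text)
            if (row["id.orig_h"] in ips or row["id.resp_h"] in ips)
            and row["method"] in methods]


def uids_for_ips(text, ips):
    """Sorted connection uids for the matching requests; join these against conn.log or a pcap index."""
    return sorted({row["uid"] for row in http_requests_for_ips(text, ips)})
```

For a real log directory, read each `http.*.log` file (gunzip the rotated ones first) and pass its text to the same functions.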