Skip to content

include a few more types in the default netbox enrichment log set #822

New issue
New issue
Closed
Feature
Closed
include a few more types in the default netbox enrichment log set#822
Feature
Assignees
mmguero
Labels
enhancementNew feature or requestlogstashRelating to Malcolm's use of LogstashnetboxRelated to Malcolm's use of NetBox
Milestone
v25.12.0
@mmguero

Description

@mmguero
mmguero
opened on Dec 2, 2025

For performance and storage reasons, not every log type is netbox-enriched. However, we've added a few more types to the list (new ones in bold italics):

  • suricata.alert
  • zeek.conn
  • zeek.dce_rpc
  • zeek.dhcp
  • zeek.dns
  • zeek.known_hosts
  • zeek.known_services
  • zeek.login
  • zeek.ntlm
  • zeek.notice
  • zeek.rdp
  • zeek.rfb
  • zeek.signatures
  • zeek.smb_cmd
  • zeek.smb_files
  • zeek.smb_mapping
  • zeek.software
  • zeek.ssh
  • zeek.weird

The reason for the change is to improve the data we have for tracking lateral movement (which is often done with protocols like rdp, vnc, ssh, etc.)

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestlogstashRelating to Malcolm's use of LogstashnetboxRelated to Malcolm's use of NetBox

Type

Feature

Projects

Malcolm

Status

Released

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions