Debuted at OSDFCon 2018, this version contains all of the previous capabilities as well as a tested LINE_MERGE fix for multiline forwarded Volatility JSON events. Enjoy, and see what's coming in the OSDFCon 2018 published slides for "Farming the Loot Cave: Threat Hunting in Memory with the Volatility Framework and Big Data".
Rewritten to use a single core and manage memory effectively.
Ingest data now comes in JSON format, with fields matching the original Volatility output fields.
The exception is that field names are lowercased and have the special characters '(', ')' and '|' removed.
Tested on 7.1 and 7.0.
The getaddress custom command converts decimal offset values to hex for faster follow-on actions in Volatility.
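The field-name normalization and the decimal-to-hex offset conversion described above, as an added illustration rather than the app's own code. It assumes the columns/rows layout that Volatility 2's JSON renderer emits and uses a constructed pslist-style record; the pipeline here flattens each row into one single-line JSON event, which is what keeps the forwarder from needing multiline LINE_MERGE handling.

```python
import json
import re

# Constructed sample in the columns/rows layout assumed for Volatility 2
# JSON output; a real pslist record carries more columns than this.
SAMPLE_VOLATILITY_JSON = json.dumps({
    "columns": ["Offset(V)", "Name", "PID", "PPID", "Thds", "Hnds"],
    "rows": [
        [2259918880, "System", 4, 0, 87, 550],
        [2259746848, "smss.exe", 260, 4, 2, 29],
    ],
})

# The characters the app strips from Volatility column names.
SPECIAL_CHARS = re.compile(r"[()|]")


def normalize_field(name):
    """Lowercase a Volatility column name and drop '(', ')' and '|'."""
    return SPECIAL_CHARS.sub("", name).lower()


def to_hex(value):
    """Mimic the getaddress conversion: decimal offset -> 0x-prefixed hex."""
    return hex(int(value))


def volatility_json_to_events(raw):
    """Flatten one columns/rows document into a list of per-row events."""
    doc = json.loads(raw)
    fields = [normalize_field(c) for c in doc["columns"]]
    events = []
    for row in doc["rows"]:
        event = dict(zip(fields, row))
        # Add a hex twin for every offset column so the value can be pasted
        # straight into a Volatility follow-up (e.g. the -o/--offset argument).
        for key in [k for k in event if k.startswith("offset")]:
            event[key + "_hex"] = to_hex(event[key])
        events.append(event)
    return events


if __name__ == "__main__":
    # One JSON object per line: single-line events, no multiline merging.
    for ev in volatility_json_to_events(SAMPLE_VOLATILITY_JSON):
        print(json.dumps(ev))
```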
Included a Documentation/QuickStart dashboard (documentation.xml).
Moved windows_envar.py to windows_envars.py.
Changed inputs, props and transforms to reflect the changes to windows_envars.py.
Fixed a line-breaking error in windows_mftparser.py.
Currently troubleshooting the listprocess custom command following a bug report.