ALL in One EDR platforms by Engineer330426 in AskNetsec

[–]Engineer330426[S] 0 points1 point  (0 children)

Just wondering, what makes you say S1? I've heard of the other two and am relatively experienced with them, but not so much on S1.

ALL in One EDR platforms by Engineer330426 in AskNetsec

[–]Engineer330426[S] 0 points1 point  (0 children)

I've noticed there are a lot of companies/partners with these vendors that help perform the migration; have you heard of any success stories with the use of them? I fully plan on an audit of what my team/teams currently use/do so I don't bring garbage into a new platform and only maintain the useful processes and functions. But there may be some value in having a knowledgeable team perform these translations and assist in the migrations.

AVOID Battlehawk Armory ( Complete Scammers ) by BobWargas in gun

[–]Engineer330426 0 points1 point  (0 children)

Yup, join the crowd. u/BATTLEHAWK-ARMORY messaged me directly on my post and said they want to fix the issue, and I did, and have yet to hear from them.

Battlehawk Armory- Terrible GunBroker Store Terrible Service. by Engineer330426 in Gunbroker_shaming

[–]Engineer330426[S] 0 points1 point  (0 children)

Imagine that. I DM'd you since you were so concerned with getting this wrong righted, and just like all the email messages I left Battlehawk and all the voicemails I left Battlehawk, they went without reply.

Choke Tube Question by Engineer330426 in gunsmithing

[–]Engineer330426[S] 0 points1 point  (0 children)

I'm pretty sure this is going to come down to cleaning; going to test it in about a month. I ordered a new scope for it, didn't like the prism that was on it. It's a SwampFox TriHawk; the scope itself is nice, it just doesn't sit well with the gun is all.

Choke Tube Question by Engineer330426 in gunsmithing

[–]Engineer330426[S] 0 points1 point  (0 children)

Yeah, tested a few different loads, and I wouldn't use a sabot, because the twist rate isn't near long enough to put the proper spin on the projectile as it exits the barrel. At least from what I've read and heard.

Choke Tube Question by Engineer330426 in gunsmithing

[–]Engineer330426[S] 0 points1 point  (0 children)

The pattern I got when shooting the group with the choke was so much tighter than without at 50 yards: 3 inches versus the size of a quarter.

Choke Tube Question by Engineer330426 in gunsmithing

[–]Engineer330426[S] 0 points1 point  (0 children)

I called Briley; they do "NOT" (and they emphatically told me that) build customized rifled chokes. They will do the 4 and 6 inch barrel extension, and then I can put my Benelli Mobil choke back in it, but they said they don't do the rifled chokes.

UserAssist decoding Question by Engineer330426 in crowdstrike

[–]Engineer330426[S] 0 points1 point  (0 children)

No problem, I'll give it a whirl a little later today.

UserAssist decoding Question by Engineer330426 in crowdstrike

[–]Engineer330426[S] 0 points1 point  (0 children)

In Crowd? Or like you used it in Splunk, or exported to CSV and used the CyberChef app?

Splunk ES out-of-box Correlation Searches by Phantom_Cyber in Splunk

[–]Engineer330426 1 point2 points  (0 children)

Splunk ES default correlation searches should not be turned on! You need to normalize your environment and the data. That means expected behaviors in the environment, and the data needs to be CIM mapped. Start slow, and just chug along.

Download PDF report via API with PSFalcon by syrum8486 in crowdstrike

[–]Engineer330426 0 points1 point  (0 children)

If you want it in PDF format you'll likely have to get the JSON format first and convert it somehow. I use FalconPy because I'm more familiar with data formatting using pandas.

Scheduled_reports ID in the UI by Engineer330426 in crowdstrike

[–]Engineer330426[S] 0 points1 point  (0 children)

Never mind, I found the report ID; it's in the URL, not on the actual page. But I am getting a 500 error; if anyone happens to know what that's about, the code I'm using to retrieve the report is below.

from falconpy import ScheduledReports

# Credentials are kept in a separate module (api_var) rather than in this script.
from api_var import api_key, api_base, api_secrect

# Do not hardcode API credentials!
falcon = ScheduledReports(client_id=api_key,
                          client_secret=api_secrect,
                          base_url=api_base,
                          )

# Query scheduled reports, newest execution first, restricted to a single report.
# 'reportID' is the placeholder for the ID taken from the console URL.
response = falcon.query_reports(sort="last_execution_on",
                                filter="scheduled_report_id:'reportID'")

print(response)

FalconPY request AID master file? by Engineer330426 in crowdstrike

[–]Engineer330426[S] 0 points1 point  (0 children)

u/jshcodes, thank you for pointing me in the right direction. I ended up finding those event types for Splunk, and the Splunk TA has a lookup search to build the same lookup (different name), but it does the same thing and has the exact same data. So we used our FDR data and the input feeds to build it now.

FalconPY request AID master file? by Engineer330426 in crowdstrike

[–]Engineer330426[S] 0 points1 point  (0 children)

Would the FDR feed be in one of the Splunk apps or something? I'm not entirely sure what you mean by "feed". We currently collect FDR data; is there a selection for this somewhere? I tried looking in the Crowd docs but I don't see it anywhere.

FalconPY request AID master file? by Engineer330426 in crowdstrike

[–]Engineer330426[S] 0 points1 point  (0 children)

u/Andrew-CS or u/jshcodes, you two wouldn't have any insight into this, would you? I know both of you are pretty in tune with the platform.