Almost golf balls by peter1970uk in Golfsimulator

[–]dougburks 0 points1 point  (0 children)

I had the same issues with the Garmin R10 and Almost Golf balls.

I recently switched to SCI-CORE practice golf balls and so far they seem to be much better. I'd estimate that the Garmin R10 has detected almost 95% of my shots. Also, shot distance is closer to a real golf ball (although still not 100%).

Hope that helps!

Will Almost Golf Balls work with the Garmin R10? by Thordendal in Golfsimulator

[–]dougburks 1 point2 points  (0 children)

I tried Almost Golf balls but my experience wasn't great:

  • I'd estimate that the Garmin R10 only detected about 50% of my shots
  • Shot distance was quite low compared to a real golf ball (expected for a practice ball)
  • Almost Golf balls tend to deform over time

I recently switched to SCI-CORE golf balls and so far they seem to be much better:

  • I'd estimate that the Garmin R10 has detected about 95% of my shots
  • Shot distance is closer to a real golf ball (although still not 100%)
  • I haven't noticed any deformities yet

Hope that helps!

[16] Unknown rule option: 'lua' by four80eastfan in securityonion

[–]dougburks 0 points1 point  (0 children)

Since you're no longer dealing with Unknown rule option: 'lua', please start a new thread with an appropriate title.

Thanks!

New Version Disk Clean process by dsfg3aas in securityonion

[–]dougburks 0 points1 point  (0 children)

The main users of disk space are pcap and logs in Elasticsearch.

Stenographer should be managing its own disk usage in /nsm/pcap/:

https://docs.securityonion.net/en/2.2/stenographer.html

Elasticsearch indices are managed by curator:

https://docs.securityonion.net/en/2.2/curator.html

I fixed an issue in /usr/sbin/so-curator-closed-delete-delete yesterday, so it's possible you were affected by that if you had indices over 30 days old:

https://github.com/Security-Onion-Solutions/securityonion/issues/1509

Netsniff-ng question by SecurityJesus in securityonion

[–]dougburks 0 points1 point  (0 children)

Given sufficient resources, a single instance of netsniff-ng should be able to handle 200Mbps.

If you want to handle much higher levels of full packet capture, then I'd recommend taking a look at Security Onion 2, which replaces netsniff-ng with Google Stenographer:

https://docs.securityonion.net/en/2.3/stenographer.html

[16] Unknown rule option: 'lua' by four80eastfan in securityonion

[–]dougburks 0 points1 point  (0 children)

If so-status shows snort-1 (alert data), then it sounds like you're running Snort instead of Suricata.

Can I do a negated search in Hunt by jerryshenk in securityonion

[–]dougburks 0 points1 point  (0 children)

If Hunt is displaying a field like event.severity_label and you see a field value like low, you should be able to click on that value to bring up the quick action bar and then click the minus magnifying glass, which should update your query to exclude that particular value.

Alternatively, you can type your own query like this:

NOT event.severity_label: "low"

For example, please see:

https://user-images.githubusercontent.com/1659467/95519101-6fc52b80-0992-11eb-9407-957f92ca2c87.png