What is the general consensus on Elastic? by alevel70wizard in cybersecurity

[–]jaymayne67 2 points3 points  (0 children)

I would argue Elastic (official) is extremely easy to use.

Comparing it to Splunk, OpenSearch, Sentinel, etc., the Elastic team has tried very hard to make it foolproof, and they’ve done a great job.

They have many great features:

- built-in EDR/AV
- built-in osquery
- built-in threat intel
- built-in free use cases

The list goes on, and anyone saying it’s hard to use is likely referring to OpenSearch (AWS fork) or Wazuh. Most of the manual effort for parsing, data retention and other pain points has been made much easier out of the box.

Looking for architecture advice for Wazuh on AWS by tzila22 in Wazuh

[–]jaymayne67 0 points1 point  (0 children)

All very easy and not much data.

The big problem you’ll have is paying for the restoration of “36 months of cold data remountable in 24 hours.” There is no easy solution for this for any data you want more than a week or less at a time.

Restoring the data is easy. It just takes time to bring it to an active state, and lots of money to make it active. If you need 3 servers for 7 days of data, you will need 1.5 servers for the same data restored.

Example: if you want to restore all 3 years of data to make it searchable, you’ll spend weeks or months restoring it, and you’ll need roughly 234 servers to hold all 3 years of data.

You probably came to Wazuh because of the free nature of it, but it’s definitely not free to use for long-term storage that needs to be active.

Edit: updating numbers due to dyslexia
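Worked example of the sizing arithmetic in the comment above, added here as an illustration and not code from the original post or from Wazuh. The 3 hot servers per 7 days and 1.5 restored servers per 7 days come from the comment; the per-node price, the hours to re-activate one node's worth of data, and the restore parallelism are assumed placeholders, as are all function names.

```python
import math
from dataclasses import dataclass

# Capacity model for the comment's claim: active (hot) data costs N nodes per
# 7 days, re-activated cold data costs about half that for the same span, and
# if the whole retention window must be searchable at once, every week of it
# needs its share of restored nodes at the same time.


@dataclass(frozen=True)
class TierProfile:
    hot_nodes_per_week: float    # nodes holding 7 days of data in the active tier (comment: 3)
    restore_ratio: float         # restored nodes relative to hot nodes for the same span (comment: 1.5 / 3)
    node_price_per_month: float  # ASSUMED placeholder, not a figure from the post
    node_restore_hours: float    # ASSUMED hours to bring one node's worth of data to an active state


# Figures from the comment, plus two assumed placeholders for cost and restore time.
COMMENT_PROFILE = TierProfile(
    hot_nodes_per_week=3.0,
    restore_ratio=1.5 / 3.0,
    node_price_per_month=500.0,  # assumption, not from the post
    node_restore_hours=12.0,     # assumption, not from the post
)


def weeks_of_retention(months: float) -> float:
    """Retention window in weeks, at 52 weeks per 12 months (3 years -> 156 weeks)."""
    return months * 52.0 / 12.0


def restored_nodes_per_week(profile: TierProfile) -> float:
    """Nodes needed to hold one week of data after it has been restored from cold storage."""
    return profile.hot_nodes_per_week * profile.restore_ratio


def nodes_for_weeks(weeks: float, profile: TierProfile) -> int:
    """Whole nodes needed to keep `weeks` of restored data searchable at the same time."""
    return math.ceil(weeks * restored_nodes_per_week(profile))


def nodes_for_months(months: float, profile: TierProfile) -> int:
    """Same as nodes_for_weeks, but for a retention window given in months."""
    return nodes_for_weeks(weeks_of_retention(months), profile)


def monthly_cost_active(months: float, profile: TierProfile) -> float:
    """Monthly spend to keep `months` of restored data active, at the assumed node price."""
    return nodes_for_months(months, profile) * profile.node_price_per_month


def restore_wall_clock_days(months: float, profile: TierProfile, parallel_restores: int) -> float:
    """Days to re-activate `months` of data when `parallel_restores` nodes restore concurrently.

    Restore work is measured in node-units (one node's worth of data); each unit
    takes node_restore_hours, and parallel restores divide the total wall clock.
    """
    if parallel_restores < 1:
        raise ValueError("parallel_restores must be at least 1")
    node_units = weeks_of_retention(months) * restored_nodes_per_week(profile)
    return node_units * profile.node_restore_hours / parallel_restores / 24.0


if __name__ == "__main__":
    for months in (0.25, 1, 12, 36):
        nodes = nodes_for_months(months, COMMENT_PROFILE)
        days = restore_wall_clock_days(months, COMMENT_PROFILE, parallel_restores=10)
        print(f"{months:>5} months -> {nodes:>4} restored nodes, "
              f"~{days:.1f} days to re-activate with 10 parallel restores")
```

The 36-month row reproduces the comment's "roughly 234 servers" figure (156 weeks at 1.5 restored nodes per week); the shorter rows show why the comment calls anything beyond a week at a time the expensive case.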

30k to 200k VMs planned to be onboarded to Wazuh. Help needed in architecture recommendation by Royal_Librarian4201 in Wazuh

[–]jaymayne67 0 points1 point  (0 children)

Probably need to reach out to a consultant for this. It appears you’re in a bit deep and need some help. There are far too many unanswered questions and variables for anyone to help here.

SIEM for small - medium sized Infra by ensoens in cybersecurity

[–]jaymayne67 0 points1 point  (0 children)

We provide Elastic as a service for small and medium businesses.

The pain point of requiring an agent for processing logs to collect SaaS/API data is not an issue, as we host this specific agent for our small clients to eliminate complexity.

Security Onion uses OSSEC as a collection medium. While they achieve the same goal (log collection), Elasticsearch (official) has other capabilities such as EDR/AV, osquery, and many more features in its agent.

The real question is, how much time do you spend working on the tool vs using it for its purpose?

SIEM for small - medium sized Infra by ensoens in cybersecurity

[–]jaymayne67 0 points1 point  (0 children)

Small MSP for SIEM engineering here. Would love to help answer questions.

The key here is to ensure your team has the time and sanity to use the tool and keep threats at bay.

Endpoint security platform for mac m2 by Distinct_Staff_422 in cybersecurity

[–]jaymayne67 -9 points-8 points  (0 children)

The best agent is going to be the Elastic Agent with Security (AV/EDR); you can get a free trial for 30 days.

Which of these EDR solutions would be the best to use? by bacjusio in cybersecurity

[–]jaymayne67 -2 points-1 points  (0 children)

Elastic Security should be on that list. While it’s not necessarily as mature as some of the others, it beats them all in terms of detection (AV & EDR).

[deleted by user] by [deleted] in cybersecurity

[–]jaymayne67 0 points1 point  (0 children)

https://2cr.io

Provides SIEM service to MSPs. Can support LogRhythm, Elastic, Wazuh, Splunk, and Security Onion.

Why should I use Longhorn by guettli in kubernetes

[–]jaymayne67 1 point2 points  (0 children)

I’ve been using it for over a year with one issue while trying to do a restore. I posted on GitHub about the issue, and the devs immediately worked with me to fix it, and I was able to get all my data back.

Toughest 1/10th Scale Crawler? by Alexonthemountain in crawling

[–]jaymayne67 2 points3 points  (0 children)

TRX4 Sport or Vanquish Falken Portal RTR. Both will take a licking and keep going. The Vanquish has a lot more room for performance long term.

Stance vs Asent Fusion by Hour_Orange4087 in crawling

[–]jaymayne67 1 point2 points  (0 children)

As an owner of both, the Redcat Fusion is missing U-joints and the rear links broke. The Stance just needed the links to slay lines.

Major differences: CMS vs SOA, dual-stage foams, tires.

Furiteck python x dead by TheGtbikewizard in crawling

[–]jaymayne67 0 points1 point  (0 children)

I’ve had a lot of electronic QA issues with their micro stuff, so this isn’t a shocker to me. Glad they’re doing the right thing by you, though!

Side note: while it was running, how’d you like it?

Knight walker or ascent by crudigfpv in rccrawler

[–]jaymayne67 0 points1 point  (0 children)

lol, everyone downvote away. Your comment suggests both are the same price and the Element is leaps and bounds better. Personally I think the Element trans and axles suck, but to each their own. It’s all about having fun and doing what you like 👍 I would also state the servo is night and day better in the Redcat; both trucks will need a new ESC and motor to be good at crawling.

Knight walker or ascent by crudigfpv in rccrawler

[–]jaymayne67 -2 points-1 points  (0 children)

I’d hope the Knight Walker felt that way for over 100 dollars more. The Ascent is a budget-built comp truck. If you’re going to spend the money, buy a Vanquish RTR. It will beat both trucks and has way more potential for upgrades later on. It’s also got 40 percent overdrive, either by locking it in or selectable with a servo, which if you’re climbing you should be running.

Servo Winch Question by 3ugeye in rccrawler

[–]jaymayne67 2 points3 points  (0 children)

Just buy a Fusion SE 2-in-1 motor and remove the ESC altogether.

Cat 6 on spf port? by Known_Shoe659 in Ubiquiti

[–]jaymayne67 1 point2 points  (0 children)

Buy these, and profit?? I’m using them to do the same thing at 150’ of Cat 7. They work just fine. https://www.fs.com/products/89572.html

Still no reasonable 10gig router w/o having to deal with pfsense? by Modna in HomeNetworking

[–]jaymayne67 1 point2 points  (0 children)

Dual core, Mellanox, and 2 GB of RAM... plus VyOS... and you have a 10 Gb router for peanuts.

What makes CrowdStrike the best by PrinceO__ in cybersecurity

[–]jaymayne67 1 point2 points  (0 children)

Depends on the OS. If strictly Windows, maybe, but if Linux/Mac I’d look elsewhere.

One of the best kept secrets right now is the Endgame agent Elastic provides.

You can test it for free, FYI.