Jack Crook uses Splunk, and more recently the ELK stack, for threat "hunting". At Quadrant we also use Elasticsearch in ways similar to those Jack describes in his blog, but I wanted to take this opportunity to see whether I could mimic his work with Sagan!
To address these two issues, we made Sagan use memory-mapped files, which let Sagan "remember" data across system reboots and process restarts. The same mechanism also gives us inter-process communication (IPC) between Sagan processes, since every process that maps the same file shares one view of its contents.
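How a memory-mapped file provides both properties at once, as an added example in C that is not Sagan's own code: the `track_record` layout, the magic value, the file path and the sample IP address are assumptions for illustration and do not reflect Sagan's real structures. The first demo writes a counter, unmaps and remaps the file to simulate a restart; the second forks a child that increments the counter through its own copy of the `MAP_SHARED` mapping and shows the parent seeing the write.

```c
#define _DEFAULT_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical tracking record; the layout is an assumption for this example. */
struct track_record {
    uint32_t magic;     /* lets a later open() detect a foreign or corrupt file */
    uint32_t count;     /* e.g. number of events seen for some tracked key */
    char     last_ip[46];
};

#define TRACK_MAGIC 0x5347414Eu   /* arbitrary marker for this example */

/* Open (creating and sizing if needed) and map the record file.
 * MAP_SHARED is what makes writes land in the file and become visible to
 * other processes; MAP_PRIVATE would give a copy-on-write view that loses both. */
static struct track_record *track_open(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT, 0600);   /* 0600: the file is now part of the trust boundary */
    if (fd < 0)
        return NULL;

    struct stat st;
    if (fstat(fd, &st) < 0) {
        close(fd);
        return NULL;
    }
    int fresh = st.st_size < (off_t)sizeof(struct track_record);
    if (fresh && ftruncate(fd, sizeof(struct track_record)) < 0) {
        close(fd);
        return NULL;
    }

    void *p = mmap(NULL, sizeof(struct track_record),
                   PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);                      /* the mapping outlives the descriptor */
    if (p == MAP_FAILED)
        return NULL;

    struct track_record *r = p;
    if (fresh || r->magic != TRACK_MAGIC) {   /* never trust an unvalidated on-disk layout */
        memset(r, 0, sizeof *r);
        r->magic = TRACK_MAGIC;
    }
    return r;
}

static void track_close(struct track_record *r)
{
    msync(r, sizeof *r, MS_SYNC);   /* force the dirty page to disk before unmapping */
    munmap(r, sizeof *r);
}

/* Persistence: increment, unmap, remap ("restart"), and return what survived. */
static uint32_t track_restart_demo(const char *path)
{
    struct track_record *r = track_open(path);
    if (!r)
        return 0;
    r->count++;
    snprintf(r->last_ip, sizeof r->last_ip, "%s", "203.0.113.7");  /* constructed sample value */
    track_close(r);

    r = track_open(path);           /* simulated process restart */
    if (!r)
        return 0;
    uint32_t survived = r->count;
    track_close(r);
    return survived;
}

/* IPC: a child process increments through the shared mapping; the parent
 * returns how much the counter moved (1 if the child's write was visible).
 * No lock is taken here; concurrent writers in real code need one. */
static uint32_t track_ipc_demo(const char *path)
{
    struct track_record *r = track_open(path);
    if (!r)
        return 0;
    uint32_t before = r->count;

    pid_t pid = fork();
    if (pid == 0) {                 /* child: same MAP_SHARED pages */
        r->count++;
        track_close(r);
        _exit(0);
    }
    if (pid < 0) {
        track_close(r);
        return 0;
    }
    waitpid(pid, NULL, 0);
    uint32_t delta = r->count - before;
    track_close(r);
    return delta;
}

int main(void)
{
    const char *path = "/tmp/sagan_track_example.mmap";   /* assumed path */
    printf("after restart: count=%u\n", track_restart_demo(path));
    printf("child write visible: delta=%u\n", track_ipc_demo(path));
    return 0;
}
```

Two things a practitioner should keep in mind with this design: the file's permissions decide who can rewrite the engine's memory of past events, so it belongs on local storage with a restrictive mode and owner, and the on-disk layout is tied to the compiler and architecture that wrote it, so an opener should validate the file (the magic check above is the minimum) rather than trust whatever it finds.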
For anyone tasked with ensuring compliance with the 12 requirements of the Payment Card Industry Data Security Standard (PCI DSS), one requirement often causes unexpected difficulty, if only because of the variety of systems involved.