From 16ff276bf1629c0af1dd8b469334eaa0ed5053c4 Mon Sep 17 00:00:00 2001 From: Doug Burks Date: Thu, 3 Oct 2019 09:05:45 -0400 Subject: [PATCH] Update README.md --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 98413e8ea..a347d19ef 100644 --- a/README.md +++ b/README.md @@ -12,8 +12,7 @@ - Playbook and ATT&CK Navigator features are now included. - Filebeat now logs to a file, instead of stdout. - Elastalert has been updated to use Python 3 and allow for use of custom alerters. -- Elasticsearch Ingest is now used to consume Zeek logs and Suricata alerts (instead of the traditional Logstash pipeline). - This reduces the memory footprint of Logstash dramatically! +- Moved Bro/Zeek log parsing from Logstash to Elasticsearch Ingest for higher performance and lower memory usage! - Several changes to the setup script have been made to improve stability of the setup process: - Setup now modifies your hosts file so that the install works better in environments without DNS. - You are now prompted for setting a password for the socore user.
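Review bot: The added bullet in the README.md hunk ("Moved Bro/Zeek log parsing from Logstash to Elasticsearch Ingest ...") drops the Suricata alerts that the removed bullet listed alongside Zeek logs, so a reader can no longer tell whether Suricata alerts are consumed by Elasticsearch Ingest or by Logstash. If both still go through Ingest, name both in the new bullet; if only Zeek parsing moved, say where Suricata alerts are handled. The new wording also switches from "Zeek" to "Bro/Zeek", so it is worth checking that the product name matches the rest of the README. The subject "Update README.md" does not say what changed; a subject that mentions the Ingest wording would make this commit easier to find in the history.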