A tool collection for filtering and visualizing logon events. Designed to help answer the "Cotton Eye Joe" question (Where did you come from, where did you go?) in security incidents and threat hunts.
I'm trying to get the data from the velo integration, however the cell ID is cell_id=NC.CQ7HMMAG35HO2 when it should be something like
cell_id=NC.CQ7HMMAG35HO2-CQ7JC9G6TLLJC
Using the Chrome Inspect tool I was able to hardcode the cell ID in the veloapi.js and it seemed to work. The cell_id seems to be pretty dynamic and always changing. My Java skills are poor at best.
I am just trying out Blauhaunt and am experiencing some issues. When clicking the "Load Root" button, the logic in veloAPI.js tries to fetch data from the server. However, this logic does interfere with hunts that are not related to Blauhaunt. I now have a "BLAUHAUNT" cell in every hunt, even if it does not load data for Blauhaunt. Furthermore, the reload logic fails on this line https://github.com/cgosec/Blauhaunt/blob/main/app/static/js/veloAPI.js#L136 since the data object is empty.
Am I doing something wrong, or is this a bug in Blauhaunt?