You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 21, 2023. It is now read-only.
We will need a way to prevent a misbehaving input from flooding the shipper queue and preventing events from other inputs from being published.
This is a particular concern when the shipper is integrated with the endpoint security input. A user, misbehaving input, or malicious actor should not be able to flood the shipper with log files or other data and prevent or reduce the publishing of security events.
The easiest way to prevent this in the current system is to have the agent provision a separate shipper process for endpoint security, but this will always mean there is an additional queue and output to tune. In the ideal case this would be unnecessary but it is more difficult to achieve.
We will need a way to prevent a misbehaving input from flooding the shipper queue and preventing events from other inputs from being published.
This is a particular concern when the shipper is integrated with the endpoint security input. A user, misbehaving input, or malicious actor should not be able to flood the shipper with log files or other data and prevent or reduce the publishing of security events.
The easiest way to prevent this in the current system is to have the agent provision a separate shipper process for endpoint security, but this will always mean there is an additional queue and output to tune. In the ideal case this would be unnecessary but it is more difficult to achieve.