First reported in #1241

The ssh_server_host_key event is supposed to fire for both SSHv1 and SSHv2 host keys. However, this was never implemented.

Right now, the PUBKEY_HASH intel type does not work.

It would be nice to have some documentation on search operators and what are some of the common fields to search on (e.g. data_type, event_identifier, etc.). Also probably want to mention partial word matches requires globbing characters, etc.

I was wondering the benefit of using Modular File Management vs Single Config File Management? Why do you consider it easier to use multiple files and then compile? Trying to figure out what the best case is for my use case. Thanks. #

Right now a lot of the logging from the tasks does not get propagated back to the user, so we should make sure that all of the tasks are adding logs and errors to the results so that at minimum the data gets put into the worker-log.txt. Ideally we would store this info in datastore so that the clients could query it later (this part is in #115).

The following terms need to be replaced everywhere:

• scrape: before using capture, we used scrape/scraping. The few remaining places where scrape is used need to be changed.
• flag: rename to bookmark => Lookyloo/lookyloo#114
• legitimate: rename to known