update for fixing push issues

2024-11-07 01:55:21 +00:00 · 2019-02-07 00:25:17 +01:00 · 2019-02-07 00:25:17 +01:00 · a14922e51c
commit a14922e51c
parent 0d2b1171c9 b19867ce4d
5 changed files with 0 additions and 183 deletions
--- a/dataneeded/DN_0002_4688_windows_process_creation_with_commandline.yml
+++ b/dataneeded/DN_0002_4688_windows_process_creation_with_commandline.yml
@ -23,10 +23,7 @@ fields:
  - Image               # redundant, inconsistent
  - CommandLine
  - ProcessCommandLine  # redundant, inconsistent
-<<<<<<< HEAD
-=======
  - ProcesssCommandLine # redundant, inconsistent
->>>>>>> updated DNs naming scheme
  - ParentProcessPid
  - ParentImage         # redundant, inconsistent
  - ParentProcessName
@ -35,7 +32,6 @@ fields:
  - LogonId
 sample: |
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
-<<<<<<< HEAD
    - <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> 
        <EventID>4688</EventID> 
@ -70,38 +66,3 @@ sample: |
        <Data Name="MandatoryLabel">S-1-16-12288</Data> 
      </EventData>
    </Event>
-=======
-  - <System>
-      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" /> 
-      <EventID>4688</EventID> 
-      <Version>2</Version> 
-      <Level>0</Level> 
-      <Task>13312</Task> 
-      <Opcode>0</Opcode> 
-      <Keywords>0x8020000000000000</Keywords> 
-      <TimeCreated SystemTime="2015-11-12T02:24:52.377352500Z" /> 
-      <EventRecordID>2814</EventRecordID> 
-      <Correlation /> 
-      <Execution ProcessID="4" ThreadID="400" /> 
-      <Channel>Security</Channel> 
-      <Computer>WIN-GG82ULGC9GO.contoso.local</Computer> 
-      <Security /> 
-    </System>
-  - <EventData>
-      <Data Name="SubjectUserSid">S-1-5-18</Data> 
-      <Data Name="SubjectUserName">WIN-GG82ULGC9GO$</Data> 
-      <Data Name="SubjectDomainName">CONTOSO</Data> 
-      <Data Name="SubjectLogonId">0x3e7</Data> 
-      <Data Name="NewProcessId">0x2bc</Data> 
-      <Data Name="NewProcessName">C:\\Windows\\System32\\rundll32.exe</Data> 
-      <Data Name="TokenElevationType">%%1938</Data> 
-      <Data Name="ProcessId">0xe74</Data> 
-      <Data Name="TargetUserSid">S-1-5-21-1377283216-344919071-3415362939-1104</Data> 
-      <Data Name="TargetUserName">dadmin</Data> 
-      <Data Name="TargetDomainName">CONTOSO</Data> 
-      <Data Name="TargetLogonId">0x4a5af0</Data> 
-      <Data Name="ParentProcessName">C:\\Windows\\explorer.exe</Data> 
-      <Data Name="MandatoryLabel">S-1-16-8192</Data> 
-    </EventData>
-  </Event>
->>>>>>> updated DNs naming scheme
--- a/dataneeded/DN_0006_2_windows_sysmon_process_changed_a_file_creation_time.yml
+++ b/dataneeded/DN_0006_2_windows_sysmon_process_changed_a_file_creation_time.yml
@ -6,10 +6,7 @@ loggingpolicy:
 references:
  - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90002
  - https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-2.md
-<<<<<<< HEAD
 category: OS Logs
-=======
->>>>>>> updated DNs naming scheme
 platform: Windows
 type: Windows Log
 channel: Microsoft-Windows-Sysmon/Operational
@ -26,35 +23,6 @@ fields:
  - PreviousCreationUtcTime
 sample: |
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
-<<<<<<< HEAD
-    - <System>
-        <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" /> 
-        <EventID>2</EventID> 
-        <Version>4</Version> 
-        <Level>4</Level> 
-        <Task>2</Task> 
-        <Opcode>0</Opcode> 
-        <Keywords>0x8000000000000000</Keywords> 
-        <TimeCreated SystemTime="2018-12-10T15:08:56.961102400Z" /> 
-        <EventRecordID>6994</EventRecordID> 
-        <Correlation /> 
-        <Execution ProcessID="2940" ThreadID="3576" /> 
-        <Channel>Microsoft-Windows-Sysmon/Operational</Channel> 
-        <Computer>atc-win-10.atc.local</Computer> 
-        <Security UserID="S-1-5-18" /> 
-        </System>
-    - <EventData>
-        <Data Name="RuleName" /> 
-        <Data Name="UtcTime">2018-12-10 15:08:56.954</Data> 
-        <Data Name="ProcessGuid">{9683FBB1-8164-5C0E-0000-00104B532800}</Data> 
-        <Data Name="ProcessId">2788</Data> 
-        <Data Name="Image">C:\Users\user1\AppData\Local\Temp\chocolatey\wireshark\2.6.5\Wireshark-win64-2.6.5.exe</Data> 
-        <Data Name="TargetFilename">C:\Program Files\Wireshark\user-guide.chm</Data> 
-        <Data Name="CreationUtcTime">2018-11-28 18:37:08.000</Data> 
-        <Data Name="PreviousCreationUtcTime">2018-12-10 15:08:56.486</Data> 
-      </EventData>
-    </Event>
-=======
  - <System>
      <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
      <EventID>2</EventID>
@ -81,6 +49,3 @@ sample: |
      <Data Name="PreviousCreationUtcTime">2017-07-30 23:26:47.317</Data>
    </EventData>
  </Event>
-
->>>>>>> updated DNs naming scheme
-
--- a/dataneeded/DN_0007_3_windows_sysmon_network_connection.yml
+++ b/dataneeded/DN_0007_3_windows_sysmon_network_connection.yml
@ -6,10 +6,7 @@ loggingpolicy:
 references:
  - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90003
  - https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-3.md
-<<<<<<< HEAD
 category: OS Logs
-=======
->>>>>>> updated DNs naming scheme
 platform: Windows
 type: Windows Log
 channel: Microsoft-Windows-Sysmon/Operational
@ -36,44 +33,6 @@ fields:
  - DestinationPortName
 sample: |
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
-<<<<<<< HEAD
-    - <System>
-        <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" /> 
-        <EventID>3</EventID> 
-        <Version>5</Version> 
-        <Level>4</Level> 
-        <Task>3</Task> 
-        <Opcode>0</Opcode> 
-        <Keywords>0x8000000000000000</Keywords> 
-        <TimeCreated SystemTime="2019-02-05T15:16:29.384924000Z" /> 
-        <EventRecordID>16000</EventRecordID> 
-        <Correlation /> 
-        <Execution ProcessID="1828" ThreadID="2764" /> 
-        <Channel>Microsoft-Windows-Sysmon/Operational</Channel> 
-        <Computer>ATC-WIN-7.atc.local</Computer> 
-        <Security UserID="S-1-5-18" /> 
-      </System>
-    - <EventData>
-        <Data Name="RuleName" /> 
-        <Data Name="UtcTime">2019-02-05 15:16:17.411</Data> 
-        <Data Name="ProcessGuid">{A96EFBF1-A8C9-5C59-0000-0010D274D300}</Data> 
-        <Data Name="ProcessId">3900</Data> 
-        <Data Name="Image">C:\Users\user1\Desktop\SysinternalsSuite\PsExec.exe</Data> 
-        <Data Name="User">ATC-WIN-7\user1</Data> 
-        <Data Name="Protocol">tcp</Data> 
-        <Data Name="Initiated">true</Data> 
-        <Data Name="SourceIsIpv6">false</Data> 
-        <Data Name="SourceIp">10.0.0.111</Data> 
-        <Data Name="SourceHostname">ATC-WIN-7.atc.local</Data> 
-        <Data Name="SourcePort">49603</Data> 
-        <Data Name="SourcePortName" /> 
-        <Data Name="DestinationIsIpv6">false</Data> 
-        <Data Name="DestinationIp">10.0.0.103</Data> 
-        <Data Name="DestinationHostname">ATC-WIN-10</Data> 
-        <Data Name="DestinationPort">135</Data> 
-        <Data Name="DestinationPortName">epmap</Data> 
-      </EventData>
-=======
  - <System>
      <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
      <EventID>3</EventID>
@ -111,7 +70,6 @@ sample: |
      <Data Name="DestinationPort">443</Data>
      <Data Name="DestinationPortName">https</Data>
    </EventData>
->>>>>>> updated DNs naming scheme
    </Event>


--- a/dataneeded/DN_0008_4_windows_sysmon_sysmon_service_state_changed.yml
+++ b/dataneeded/DN_0008_4_windows_sysmon_sysmon_service_state_changed.yml
@ -1,8 +1,4 @@
-<<<<<<< HEAD
-title: DN_0007_windows_sysmon_sysmon_service_state_changed_4
-=======
 title: DN_0008_4_windows_sysmon_sysmon_service_state_changed
->>>>>>> updated DNs naming scheme
 description: >
  Sysmon service changed status
 loggingpolicy: 
@ -10,10 +6,7 @@ loggingpolicy:
 references:
  - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90004
  - https://github.com/Cyb3rWard0g/OSSEM/blob/master/data_dictionaries/windows/sysmon/event-4.md
-<<<<<<< HEAD
 category: OS Logs
-=======
->>>>>>> updated DNs naming scheme
 platform: Windows
 type: Windows Log
 channel: Microsoft-Windows-Sysmon/Operational
@ -25,30 +18,6 @@ fields:
  - State
 sample: |
  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
-<<<<<<< HEAD
-    - <System>
-        <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" /> 
-        <EventID>4</EventID> 
-        <Version>3</Version> 
-        <Level>4</Level> 
-        <Task>4</Task> 
-        <Opcode>0</Opcode> 
-        <Keywords>0x8000000000000000</Keywords> 
-        <TimeCreated SystemTime="2019-02-05T13:11:20.289486200Z" /> 
-        <EventRecordID>45818</EventRecordID> 
-        <Correlation /> 
-        <Execution ProcessID="3172" ThreadID="4192" /> 
-        <Channel>Microsoft-Windows-Sysmon/Operational</Channel> 
-        <Computer>atc-win-10.atc.local</Computer> 
-        <Security UserID="S-1-5-18" /> 
-      </System>
-    - <EventData>
-        <Data Name="UtcTime">2019-02-05 13:11:20.281</Data> 
-        <Data Name="State">Started</Data> 
-        <Data Name="Version">8.00</Data> 
-        <Data Name="SchemaVersion">4.10</Data> 
-      </EventData>
-=======
  - <System>
        <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
        <EventID>4</EventID>
@ -71,7 +40,6 @@ sample: |
        <Data Name="Version">6.01</Data>
        <Data Name="SchemaVersion">3.30</Data>
    </EventData>
->>>>>>> updated DNs naming scheme
    </Event>


--- a/dataneeded/DN_0009_5_windows_sysmon_process_terminated.yml
+++ b/dataneeded/DN_0009_5_windows_sysmon_process_terminated.yml
@ -5,10 +5,7 @@ loggingpolicy:
  - None
 references:
  - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90005
-<<<<<<< HEAD
 category: OS Logs
-=======
->>>>>>> updated DNs naming scheme
 platform: Windows
 type: Windows Log
 channel: Microsoft-Windows-Sysmon/Operational
@ -21,33 +18,6 @@ fields:
  - ProcessId
  - Image
 sample: |
-<<<<<<< HEAD
-  - <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
-    - <System>
-        <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" /> 
-        <EventID>5</EventID> 
-        <Version>3</Version> 
-        <Level>4</Level> 
-        <Task>5</Task> 
-        <Opcode>0</Opcode> 
-        <Keywords>0x8000000000000000</Keywords> 
-        <TimeCreated SystemTime="2019-02-05T15:16:38.833314100Z" /> 
-        <EventRecordID>57994</EventRecordID> 
-        <Correlation /> 
-        <Execution ProcessID="3172" ThreadID="4192" /> 
-        <Channel>Microsoft-Windows-Sysmon/Operational</Channel> 
-        <Computer>atc-win-10.atc.local</Computer> 
-        <Security UserID="S-1-5-18" /> 
-      </System>
-    - <EventData>
-        <Data Name="RuleName" /> 
-        <Data Name="UtcTime">2019-02-05 15:16:38.821</Data> 
-        <Data Name="ProcessGuid">{9683FBB1-A8D6-5C59-0000-001009797000}</Data> 
-        <Data Name="ProcessId">2440</Data> 
-        <Data Name="Image">C:\Windows\PSEXESVC.exe</Data> 
-      </EventData>
-    </Event>
-=======
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
        <Provider Name="Microsoft-Windows-Sysmon" Guid="{5770385F-C22A-43E0-BF4C-06F5698FFBD9}" />
@ -72,8 +42,3 @@ sample: |
        <Data Name="Image">C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</Data>
    </EventData>
  </Event>
-
-
-
-
->>>>>>> updated DNs naming scheme