Merge branch 'typos_fixing' into 'master'

added category to DNs; fixed filename of one DN

See merge request krakow2600/atomic-threat-coverage!18
Daniil Yugoslavskiy 2019-02-06 23:30:06 +00:00
commit cc1128f893
13 changed files with 13 additions and 0 deletions

@ -5,6 +5,7 @@ loggingpolicy:
- LP_0001_windows_audit_process_creation
references:
- https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4688.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security
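
Review bot: The added `category: OS Logs` line introduces a new key with a free-text value, and nothing in this file says which category values are valid. The same string is repeated in every Data Needed file touched by this commit, so document the allowed values next to the DN template or validate them on load; otherwise a later variant in spelling or capitalisation silently creates a second category.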

@ -6,6 +6,7 @@ loggingpolicy:
- LP_0002_windows_audit_process_creation_with_commandline
references:
- https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4688.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security

@ -5,6 +5,7 @@ loggingpolicy:
- LP_0003_windows_sysmon_process_creation
references:
- https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=90001
category: OS Logs
platform: Windows
type: Windows Log
channel: Microsoft-Windows-Sysmon/Operational

@ -5,6 +5,7 @@ loggingpolicy:
- LP_0004_windows_audit_logon
references:
- https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4688.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security
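
Review bot: The `references` entry kept as context in this hunk points to event-4688.md, which documents process creation, while the logging policy is `LP_0004_windows_audit_logon`. It looks carried over from the process creation DNs; since this file is being touched anyway, replace it with the reference for the logon event this DN describes.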

@ -3,6 +3,7 @@ description: >
A service was installed in the system.
loggingpolicy: None
references: None
category: OS Logs
platform: Windows
type: Windows Log
channel: System
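
Review bot: `loggingpolicy: None` and `references: None` sit directly above the new `category` line as bare scalars, and YAML reads `None` as the string "None", not as a null value. Use `null` or an empty list (`[]`) so that consumers of these files do not have to special-case the literal string, and so the field types match the list form used in the process creation DNs.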

@ -3,6 +3,7 @@ description: >
A directory service object was modified.
loggingpolicy: LP_0025_windows_audit_directory_service_changes
references: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-5136.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security
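
Review bot: `loggingpolicy` and `references` are plain strings in this file, while the process creation and logon DNs in the same commit write both as lists. The new `category` key is uniform across files, so normalise these two fields to one form as well; as it stands, any code reading `references` has to handle both a string and a list.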

@ -3,6 +3,7 @@ description: >
User object is changed.
loggingpolicy: LP_0026_windows_audit_user_account_management
references: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4738.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security

@ -3,6 +3,7 @@ description: >
Directory Services Restore Mode (DSRM) administrator password is changed.
loggingpolicy: LP_0026_windows_audit_user_account_management
references: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4794.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security

@ -6,6 +6,7 @@ loggingpolicy:
- LP_0027_windows_audit_directory_service_access
- LP_0028_windows_audit_sam
references: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4794.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security
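
Review bot: The `references` line in this hunk is the same event-4794.md URL used by the DSRM password change DN, which is tied to `LP_0026_windows_audit_user_account_management`, yet this file lists `LP_0027_windows_audit_directory_service_access` and `LP_0028_windows_audit_sam`. Check that the reference matches the event this DN describes and was not copied from the previous file.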

@ -3,6 +3,7 @@ description: >
An operation was performed on an Active Directory object.
loggingpolicy: LP_0027_windows_audit_directory_service_access
references: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-4662.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security

@ -3,6 +3,7 @@ description: >
Service entered the running/stopped state.
loggingpolicy: None
references: http://www.eventid.net/display-eventid-7036-source-Service%20Control%20Manager-eventno-1529-phase-1.htm
category: OS Logs
platform: Windows
type: Windows Log
channel: System

@ -3,6 +3,7 @@ description: >
Network share object (file or folder) was accessed. Detailed log with AccessReason and RelativeTargetName.
loggingpolicy: LP_0029_windows_audit_detailed_file_share
references: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-5145.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security

@ -3,6 +3,7 @@ description: >
Network share object (file or folder) was accessed.
loggingpolicy: LP_0030_windows_audit_file_share
references: https://github.com/MicrosoftDocs/windows-itpro-docs/blob/95b9d7c01805839c067e352d1d16702604b15f11/windows/security/threat-protection/auditing/event-5140.md
category: OS Logs
platform: Windows
type: Windows Log
channel: Security